CVE-2016-7289

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

34.2%

top 3.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Publisher

Timeline

PublishedDec 20

Description

Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/publisher2010

🔴Vulnerability Details

CVEList

CVE-2016-7289: Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document↗2016-12-20

▶

📋Vendor Advisories

Microsoft

Microsoft Office Memory Corruption Vulnerability↗2016-12-13

▶