CVE-2016-7298
published 2016-12-20CVE-2016-7298: Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause…
PriorityP347high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
22.61%
97.4th percentile
Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - December 2016
blogs_talos·2016-12-13·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - December 2016
The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Microsoft Graphics Components, Microsoft Uniscribe, and Adobe Flash Player. The remaining seven bulletins are rated important and address vulnerabilities in various Windows components including kernel, crypto driver, and installer.
### Bulletins Rated Critical Microsoft bulletins MS16-144 through MS16-148 and MS16-154 are rated as critical in this month's release.
MS16-144 is the Internet Explorer bulletin for this month. It addresses a total of ni
Talos
Microsoft Patch Tuesday - December 2016
blogs_talos·2016-12-13·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - December 2016
## Microsoft Patch Tuesday - December 2016
The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Microsoft Graphics Components, Microsoft Uniscribe, and Adobe Flash Player. The remaining seven bulletins are rated important and address vulnerabilities in various Windows components including kernel, crypto driver, and installer.
## Bulletins Rated Critical Microsoft bulletins MS16-144 through MS16-148 and MS16-154 are rated as critical in this month's release.
MS16-144 is the Internet Explorer bulletin
http://www.securityfocus.com/bid/94720http://www.securitytracker.com/id/1037441https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148http://www.securityfocus.com/bid/94720http://www.securitytracker.com/id/1037441https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148
2016-12-20
Published