CVE-2016-0053 : Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibilit

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published 2016-02-10 11:59:17

Updated 2018-10-12 22:10:53

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2016-0053

Probability of exploitation activity in the next 30 days: 70.44%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-0053

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-0053

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-0053

http://www.securitytracker.com/id/1034975

Microsoft SharePoint Server Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://www.securitytracker.com/id/1034976

Microsoft Office File Processing Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015

Microsoft Security Bulletin MS16-015 - Critical | Microsoft Docs

CVEs referencing this url

Products affected by CVE-2016-0053

Microsoft » Office » Version: 2010 Update SP2 X64 Edition
cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2010 Update SP2 X86 Edition
cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2007 Update SP3
cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2010 Update SP2
cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1 RT Edition
cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
Matching versions
Microsoft » Word » Version: 2016
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
Matching versions
Microsoft » Word Viewer
cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Server » Version: 2013 Update SP1
cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP3
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Web Apps Server » Version: 2013 Update SP1
cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-0053

Exploit prediction scoring system (EPSS) score for CVE-2016-0053

CVSS scores for CVE-2016-0053

CWE ids for CVE-2016-0053

References for CVE-2016-0053

Products affected by CVE-2016-0053