Vulnerability Details : CVE-2016-3235
Public exploit exists!
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Products affected by CVE-2016-3235
- cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visio_viewer:2007:sp3:*:*:*:*:*:*
CVE-2016-3235 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Office OLE DLL Side Loading Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2016-3235
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2016-3235
1.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-3235
-
Office OLE Multiple DLL Side Loading Vulnerabilities
Disclosure Date: 2015-12-08First seen: 2020-04-26exploit/windows/fileformat/office_ole_multiple_dll_hijackMultiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various these components as an embedded OLE object. When instantiating a vulnerable object Windows will try to load one or more DLLs from the curr
CVSS scores for CVE-2016-3235
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-07-24 |
References for CVE-2016-3235
-
http://www.securitytracker.com/id/1036093
Microsoft Office Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070
Microsoft Security Bulletin MS16-070 - Critical | Microsoft DocsPatch;Vendor Advisory
-
http://seclists.org/fulldisclosure/2016/Jun/32
Full Disclosure: Microsoft Visio multiple DLL side loading vulnerabilitiesMailing List;Third Party Advisory
-
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html
Microsoft Visio multiple DLL side loading vulnerabilities - Security Advisories and Insights - Securify B.V.Exploit;Third Party Advisory
-
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
Microsoft Visio DLL Hijacking ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/538685/100/0/threaded
SecurityFocusBroken Link;Third Party Advisory;VDB Entry
Jump to