Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Published 2016-06-16 01:59:37
Updated 2024-07-24 17:05:25

Products affected by CVE-2016-3235

CVE-2016-3235 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Microsoft Office OLE DLL Side Loading Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2016-3235
Added on: 2021-11-03
Action due date: 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2016-3235

EPSS score: 1.25% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~86% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2016-3235

  • Office OLE Multiple DLL Side Loading Vulnerabilities
    Disclosure Date: 2015-12-08
    First seen: 2020-04-26
    exploit/windows/fileformat/office_ole_multiple_dll_hijack
    Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the curr

CVSS scores for CVE-2016-3235

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
| 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
| 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-07-24 |

References for CVE-2016-3235
