Vulnerability Details : CVE-2016-3279
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
Vulnerability category: Execute code
Products affected by CVE-2016-3279
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_rt:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:powerpoint_rt:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel_rt:2013:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3279
13.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-3279
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3279
-
http://www.securitytracker.com/id/1036275
Microsoft SharePoint File Processing Flaws Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker
-
http://www.securityfocus.com/bid/91587
Microsoft Office CVE-2016-3279 Remote Code Execution Vulnerability
-
http://www.securitytracker.com/id/1036274
Microsoft Office Multiple File Processing Memory Corruption Errors Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088
Microsoft Security Bulletin MS16-088 - Critical | Microsoft Docs
Jump to