Vulnerability Details : CVE-2016-7233
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
Vulnerability category: Denial of serviceInformation leak
Products affected by CVE-2016-7233
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7233
14.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7233
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2016-7233
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7233
-
http://www.securityfocus.com/bid/94031
Microsoft Office CVE-2016-7233 Information Disclosure Vulnerability
-
https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232
Protect Your Business with Verisign’s Security Services – Verisign
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133
Microsoft Security Bulletin MS16-133 - Important | Microsoft Docs
-
http://www.securitytracker.com/id/1037246
Microsoft Office Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information from Memory, and Cause Denial of Service Conditions - SecurityTracker
Jump to