Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-3279 |
CWE-ID | CWE-264, CWE-667 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Microsoft Office (Client/Desktop applications / Office applications); Microsoft Excel (Client/Desktop applications / Office applications); Microsoft PowerPoint (Client/Desktop applications / Office applications); Microsoft Word (Client/Desktop applications / Office applications); Microsoft Office Web Apps (Client/Desktop applications / Office applications); Word Automation Services on Microsoft SharePoint Server (Server applications / Other server solutions) |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU132
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-3279
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability exists due to an error when parsing file formats. A remote attacker can bypass certain security restrictions.
Successful exploitation of this vulnerability may allow an attacker to bypass certain security features implemented in Microsoft Office products and take advantage of other vulnerabilities.
Mitigation
Install updates from the Microsoft website.
Vulnerable software versions
Microsoft Office: 2010 Service Pack 2 - 2016
Microsoft Excel: 2010 Service Pack 2 - 2016
Microsoft PowerPoint: 2010 Service Pack 2 - 2013 Service Pack 1
Microsoft Word: 2010 Service Pack 2 - 2016
Word Automation Services on Microsoft SharePoint Server: 2010 Service Pack 2
Microsoft Office Web Apps: 2010 Service Pack 2
CPE2.3
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3279
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.