CVE Vulnerabilities

CVE-2016-3279

Published: Jul 13, 2016 | Modified: Oct 12, 2018
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka Microsoft Office Remote Code Execution Vulnerability.

Affected Software

Name Vendor Start Version End Version
Excel Microsoft 2010-sp2 (including) 2010-sp2 (including)
Excel Microsoft 2013-sp1 (including) 2013-sp1 (including)
Excel Microsoft 2016 (including) 2016 (including)
Excel_rt Microsoft 2013-sp1 (including) 2013-sp1 (including)
Office Microsoft 2010-sp2 (including) 2010-sp2 (including)
Office_web_apps Microsoft 2010-sp2 (including) 2010-sp2 (including)
Powerpoint Microsoft 2010-sp2 (including) 2010-sp2 (including)
Powerpoint Microsoft 2013-sp1 (including) 2013-sp1 (including)
Powerpoint_rt Microsoft 2013-sp1 (including) 2013-sp1 (including)
Sharepoint_server Microsoft 2010-sp2 (including) 2010-sp2 (including)
Word Microsoft 2010-sp2 (including) 2010-sp2 (including)
Word Microsoft 2013-sp1 (including) 2013-sp1 (including)
Word Microsoft 2016 (including) 2016 (including)
Word_rt Microsoft 2013-sp1 (including) 2013-sp1 (including)

References