CVE-2016-0183

HIGH

Microsoft Office 2010 SP2 - Remote Code Execution via Crafted Embedded Font

Title source: llm
STIX 2.1

Description

The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035819

Scores

CVSS v3 8.8
EPSS 0.1570
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (4)
microsoft/office 2010 sp2
microsoft/office_web_apps 2010 sp2
microsoft/sharepoint_server 2010 sp2
microsoft/word 2010 sp2
Published May 11, 2016
Tracked Since Feb 18, 2026