CVE-2016-3234

MEDIUM

Microsoft Office - Information Disclosure

Title source: rule

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

References (2)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036093

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070

Scores

CVSS v3 5.5

EPSS 0.2716

EPSS Percentile 96.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (10)

microsoft/office

microsoft/office_compatibility_pack

microsoft/office_web_apps

microsoft/sharepoint_server

microsoft/word

microsoft/word_viewer

Timeline

Published Jun 16, 2016

Tracked Since Feb 18, 2026