CVE-2016-3235

HIGH KEV

Microsoft Visio <2016 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2016-3235 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Metasploit.

AI-analyzed exploit summary This Metasploit module exploits multiple DLL side-loading vulnerabilities in various COM components by embedding a malicious OLE object in a PowerPoint file. When opened, the target system loads a malicious DLL from the current directory, leading to arbitrary code execution.

Description

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/41706

View Code ZIP pw:eip

This Metasploit module exploits multiple DLL side-loading vulnerabilities in various COM components by embedding a malicious OLE object in a PowerPoint file. When opened, the target system loads a malicious DLL from the current directory, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office (2007-2016) and Windows (Vista-10)

No auth needed

Prerequisites: Victim must open a specially crafted PowerPoint file from a directory containing the attacker's DLL

MITRE ATT&CK

T1204.002 - Malicious File

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070

Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/538685/100/0/threaded

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036093

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Jun/32

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235

Scores

CVSS v3 7.8

EPSS 0.4343

EPSS Percentile 98.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2016-4273

Status published

Products (6)

microsoft/visio 2007 sp3

microsoft/visio 2010 sp2

microsoft/visio 2013 sp1

microsoft/visio 2016

microsoft/visio_viewer 2007 sp3

microsoft/visio_viewer 2010

Published Jun 16, 2016

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026