CVE-2016-3360

HIGH

Microsoft Office Compatibility Pack - Remote Code Execution via Crafted Document

Title source: llm
STIX 2.1

Description

Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92796
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036785

Scores

CVSS v3 7.8
EPSS 0.1724
EPSS Percentile 96.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (9)
microsoft/office_compatibility_pack
microsoft/office_web_apps 2010 sp2
microsoft/office_web_apps_server 2013 sp1
microsoft/powerpoint 2007 sp3
microsoft/powerpoint 2010 sp2
microsoft/powerpoint 2013 sp1 (2 CPE variants)
microsoft/powerpoint_for_mac 2016
microsoft/powerpoint_viewer
microsoft/sharepoint_designer 2013 sp1
Published Sep 14, 2016
Tracked Since Feb 18, 2026