CVE-2016-3360
HIGHMicrosoft Office Compatibility Pack - Remote Code Execution via Crafted Document
Title source: llmDescription
Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92796
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036785
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107
Scores
CVSS v3
7.8
EPSS
0.1724
EPSS Percentile
96.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (9)
microsoft/office_compatibility_pack
microsoft/office_web_apps
2010 sp2
microsoft/office_web_apps_server
2013 sp1
microsoft/powerpoint
2007 sp3
microsoft/powerpoint
2010 sp2
microsoft/powerpoint
2013 sp1 (2 CPE variants)
microsoft/powerpoint_for_mac
2016
microsoft/powerpoint_viewer
microsoft/sharepoint_designer
2013 sp1
Published
Sep 14, 2016
Tracked Since
Feb 18, 2026