CVE-2016-7262

HIGH KEV

Microsoft Office < - Command Injection

Title source: llm

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94660

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037441

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7262

Scores

CVSS v3 7.8

EPSS 0.8818

EPSS Percentile 99.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03

VulnCheck KEV 2020-06-03

InTheWild.io 2022-03-03

ENISA EUVD EUVD-2016-8118

Status published

Products (6)

microsoft/excel 2007 sp3

microsoft/excel 2010 sp2

microsoft/excel 2013 sp1 (2 CPE variants)

microsoft/excel 2016

microsoft/excel_viewer

microsoft/office_compatibility_pack

Published Dec 20, 2016

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026