CVE-2016-7264

HIGH

Microsoft Excel - Out-of-Bounds Read

Title source: rule

Description

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037441

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94769

Scores

CVSS v3 7.1

EPSS 0.1130

EPSS Percentile 93.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (5)

microsoft/excel 2007 sp3

microsoft/excel_for_mac 2011

microsoft/excel_for_mac 2016

microsoft/excel_viewer

microsoft/office_compatibility_pack

Published Dec 20, 2016

Tracked Since Feb 18, 2026