CVE-2016-7276

HIGH

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, for Mac 2011, and 2016 for Mac - Out-of-bounds Read via Crafted Document

Title source: llm
STIX 2.1

Description

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94666
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037441

Scores

CVSS v3 7.1
EPSS 0.2508
EPSS Percentile 97.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (5)
microsoft/office 2007 sp3
microsoft/office 2010 sp2
microsoft/office 2013 sp1
microsoft/office_for_mac 2011
microsoft/office_for_mac 2016
Published Dec 20, 2016
Tracked Since Feb 18, 2026