Oval Definition:oval:org.cisecurity:def:879
Revision Date:2016-07-29Version:13
Title:Microsoft Office OLE DLL Side Loading Vulnerability – CVE-2016-3235 (MS16-070)
Description:Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-3235
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Visio 2007
Microsoft Visio 2010
Microsoft Visio 2013
Microsoft Visio 2016
Microsoft Visio Viewer 2007
Microsoft Visio Viewer 2010
Definition Synopsis
  • MS Visio 2007 + vulnerable version
  • Microsoft Office Visio 2007 Service Pack 3 is installed
  • AND Check if the version of visio.exe is less than 12.0.6749.5000
  • OR MS Visio 2010 + vulnerable version
  • Microsoft Visio 2010 SP2 is installed
  • AND Check if the version of visio.exe is less than 14.0.7170.5000
  • OR MS Visio 2013 + vulnerable version
  • Microsoft Visio 2013 SP1 is installed
  • AND Check if the version of visio.exe is less than 15.0.4831.1000
  • OR MS Visio 2016 + vulnerable version
  • Microsoft Visio 2016 is installed
  • AND Check if the version of visio.exe is less than 16.0.4390.1000
  • OR MS Visio Viewer 2007 + vulnerable version
  • Microsoft Office Visio Viewer 2007 is installed
  • AND Check if the version of vviewdwg.dll is less than 12.0.6749.5000
  • OR MS Visio Viewer 2010 + vulnerable version
  • Microsoft Visio Viewer 2010 is installed
  • AND Check if the version of vviewdwg.dll is less than 14.0.7170.5000
    • BACK