| Vulnerability Name: | CVE-2016-3360 (CCN-116428) |
| Assigned: | 2016-09-13 |
| Published: | 2016-09-13 |
| Updated: | 2018-10-12 |
| Summary: | Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
|
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-119
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2016-3360
Source: CCN
Type: Microsoft Security Bulletin MS16-107
Security Update for Office (3185852)
Source: CCN
Type: Microsoft Security Bulletin MS16-121
Security Update for Microsoft Office (3194063)
Source: CCN
Type: Microsoft Security Bulletin MS16-133
Security Update for Microsoft Office (3199168)
Source: CCN
Type: Microsoft Security Bulletin MS16-148
Security Update for Microsoft Office (3204068)
Source: CCN
Type: Microsoft Security Bulletin MS17-002
Security Update for Microsoft Office (3214291)
Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)
Source: CCN
Type: Microsoft Security Bulletin MS17-014
Security Update for Microsoft Office (4013241)
Source: BID
Type: UNKNOWN
92796
Source: SECTRACK
Type: UNKNOWN
1036785
Source: MS
Type: UNKNOWN
MS16-107
Source: XF
Type: UNKNOWN
ms-office-cve20163360-code-exec(116428)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*OR cpe:/a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*OR cpe:/a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*OR cpe:/a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*OR cpe:/a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*OR cpe:/a:microsoft:powerpoint_for_mac:2016:*:*:*:*:*:*:*OR cpe:/a:microsoft:powerpoint_viewer:*:*:*:*:*:*:*:*OR cpe:/a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:microsoft:powerpoint_viewer:*:*:*:*:*:*:*:*OR cpe:/a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*OR cpe:/a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*OR cpe:/a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*AND cpe:/a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |
microsoft office compatibility pack * sp3
microsoft office web apps 2010 sp2
microsoft office web apps server 2013 sp1
microsoft powerpoint 2007 sp3
microsoft powerpoint 2010 sp2
microsoft powerpoint 2013 sp1
microsoft powerpoint 2013 sp1
microsoft powerpoint for mac 2016
microsoft powerpoint viewer *
microsoft sharepoint designer 2013 sp1
microsoft powerpoint viewer *
microsoft powerpoint 2007 sp3
microsoft office compatibility pack * sp3
microsoft office web apps 2010 sp2
microsoft office web apps 2013 sp1
microsoft powerpoint 2013 sp1
microsoft sharepoint server 2013 sp1