Vulnerability Name: CVE-2016-7291 (CCN-119283) Assigned: 2016-12-13 Published: 2016-12-13 Updated: 2018-10-12 Summary: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290 . CVSS v3 Severity: 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H )6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N )2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-125 Vulnerability Consequences: Obtain Information References: Source: MITRE Type: CNACVE-2016-7291 Source: CCN Type: Microsoft Security Bulletin MS16-148Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-013Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014Security Update for Microsoft Office (4013241) Source: BID Type: Third Party Advisory, VDB Entry94671 Source: CCN Type: BID-94671Microsoft Office CVE-2016-7291 Information Disclosure Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1037441 Source: MS Type: UNKNOWNMS16-148 Source: XF Type: UNKNOWNms-office-cve20167291-info-disc(119283) Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:office:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:word:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:word:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:word_automation_services:-:*:*:*:*:*:*:* OR cpe:/a:microsoft:word_for_mac:2011:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:word:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:x32:*:*:*:*:* OR cpe:/a:microsoft:word:2010:sp2:*:*:*:*:x32:* OR cpe:/a:microsoft:word:2010:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:word:2011:*:*:*:mac:*:*:* AND cpe:/a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions Definition ID Class Title Last Modified oval:org.cisecurity:def:1641 V Microsoft Office Information Disclosure Vulnerability – CVE-2016-7291 (MS16-148) 2017-01-27
BACK
microsoft office 2010 sp2
microsoft office compatibility pack - sp3
microsoft office web apps 2010 sp2
microsoft sharepoint server 2010 sp2
microsoft word 2007 sp3
microsoft word 2010 sp2
microsoft word automation services -
microsoft word for mac 2011
microsoft office compatibility pack * sp3
microsoft word 2007 sp3
microsoft office 2010 sp2
microsoft office 2010 sp2
microsoft word 2010 sp2
microsoft word 2010 sp2
microsoft office web apps 2010 sp2
microsoft word 2011
microsoft sharepoint server 2010 sp2