CVE-2016-0012

EPSS 13.31%
Published 13.01.2016 05:59:10
Last modified 12.04.2025 10:46:40
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Excel Version2007 Updatesp3

Microsoft ≫ Excel Version2010 Updatesp2 HwPlatformx64

Microsoft ≫ Excel Version2010 Updatesp2 HwPlatformx86

Microsoft ≫ Excel Version2013 Updatesp1

Microsoft ≫ Excel Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Excel Version2016

Microsoft ≫ Office Version2007 Updatesp3

Microsoft ≫ Office Version2010 Updatesp2 Editionx64

Microsoft ≫ Office Version2010 Updatesp2 Editionx86

Microsoft ≫ Office Version2013 Updatesp1

Microsoft ≫ Office Version2016

Microsoft ≫ Powerpoint Version2010 Updatesp2

Microsoft ≫ Powerpoint Version2013 Updatesp1

Microsoft ≫ Powerpoint Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Powerpoint Version2016

Microsoft ≫ Visio Version2007 Updatesp3

Microsoft ≫ Visio Version2010 Updatesp2

Microsoft ≫ Visio Version2013 Updatesp1

Microsoft ≫ Visio Version2016

Microsoft ≫ Visual Basics Version6.0 SwEditionrt

Microsoft ≫ Word Version2007 Updatesp3

Microsoft ≫ Word Version2010 Updatesp2

Microsoft ≫ Word Version2013 Updatesp1

Microsoft ≫ Word Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Word Version2016

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.31%	0.935

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004

http://www.securitytracker.com/id/1034651

https://nvd.nist.gov/vuln/detail/CVE-2016-0012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0012

EUVD