7.8

CVE-2016-7262

Warnung

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExcel Version2007 Updatesp3
MicrosoftExcel Version2010 Updatesp2
MicrosoftExcel Version2013 Updatesp1 SwEdition-
MicrosoftExcel Version2013 Updatesp1 SwEditionrt
MicrosoftExcel Version2016
MicrosoftExcel Viewer Version-
MicrosoftOffice Compatibility Pack Version- Updatesp3

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Security Feature Bypass Vulnerability

Schwachstelle

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 84.4% 0.993
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
http://www.securitytracker.com/id/1037441
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/94660
Third Party Advisory
Broken Link
VDB Entry