7.8

CVE-2016-7262

Warning

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftExcel Version2007 Updatesp3
MicrosoftExcel Version2010 Updatesp2
MicrosoftExcel Version2013 Updatesp1 SwEdition-
MicrosoftExcel Version2013 Updatesp1 SwEditionrt
MicrosoftExcel Version2016
MicrosoftExcel Viewer Version-
MicrosoftOffice Compatibility Pack Version- Updatesp3

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Security Feature Bypass Vulnerability

Vulnerability

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 84.4% 0.993
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
http://www.securitytracker.com/id/1037441
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/94660
Third Party Advisory
Broken Link
VDB Entry