7.1

CVE-2016-7290

EPSS 9.19%
Veröffentlicht 20.12.2016 06:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Office Version2010 Updatesp2

Microsoft ≫ Office Compatibility Pack Version- Updatesp3

Microsoft ≫ Office Web Apps Version2010 Updatesp2

Microsoft ≫ Sharepoint Server Version2010 Updatesp2

Microsoft ≫ Word Version2007 Updatesp3

Microsoft ≫ Word Version2010 Updatesp2

Microsoft ≫ Word Automation Services Version-

Microsoft ≫ Word For Mac Version2011

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.19%	0.919

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1037441

Third Party Advisory

VDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148

http://www.securityfocus.com/bid/94670

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-7290

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7290

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7290

EUVD