← Volver a CVEs
CVE-2016-3235
HIGHCISA KEV7.8
Descripcion
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado6/16/2016
Ultima modificacion4/22/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorMicrosoft
ProductoOffice
Nombre vulnerabilidadMicrosoft Office OLE DLL Side Loading Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2022-05-03
Uso en ransomwareUnknown
Productos afectados
microsoft:visiomicrosoft:visio_viewer
Referencias
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html(secure@microsoft.com)
http://seclists.org/fulldisclosure/2016/Jun/32(secure@microsoft.com)
http://www.securityfocus.com/archive/1/538685/100/0/threaded(secure@microsoft.com)
http://www.securitytracker.com/id/1036093(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070(secure@microsoft.com)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html(secure@microsoft.com)
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Jun/32(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/538685/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036093(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070(af854a3a-2127-422b-91ae-364da2661108)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.