← Zuruck zu CVEs
CVE-2016-3235
HIGHCISA KEV7.8
Beschreibung
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
CVE Details
CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht6/16/2016
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMicrosoft
ProduktOffice
SchwachstellennameMicrosoft Office OLE DLL Side Loading Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungUnknown
Betroffene Produkte
microsoft:visiomicrosoft:visio_viewer
Referenzen
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html(secure@microsoft.com)
http://seclists.org/fulldisclosure/2016/Jun/32(secure@microsoft.com)
http://www.securityfocus.com/archive/1/538685/100/0/threaded(secure@microsoft.com)
http://www.securitytracker.com/id/1036093(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070(secure@microsoft.com)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html(secure@microsoft.com)
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Jun/32(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/538685/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036093(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070(af854a3a-2127-422b-91ae-364da2661108)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.