CVE-2016-3235
HIGH | CISA KEV | 7.8
Description
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
CVE Details
CVSS v3.1 Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 6/16/2016
Last Modified: 4/22/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Microsoft
Product: Office
Vulnerability Name: Microsoft Office OLE DLL Side Loading Vulnerability
KEV Date Added: 2021-11-03
Remediation Due Date: 2022-05-03
Ransomware Use: Unknown
Affected Products
microsoft:visio
microsoft:visio_viewer
References
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html (secure@microsoft.com)
http://seclists.org/fulldisclosure/2016/Jun/32 (secure@microsoft.com)
http://www.securityfocus.com/archive/1/538685/100/0/threaded (secure@microsoft.com)
http://www.securitytracker.com/id/1036093 (secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 (secure@microsoft.com)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html (secure@microsoft.com)
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Jun/32 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/538685/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036093 (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 (af854a3a-2127-422b-91ae-364da2661108)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.