← Retour aux CVEs
CVE-2016-3235
HIGHCISA KEV7.8
Description
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie6/16/2016
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitOffice
Nom vulnerabiliteMicrosoft Office OLE DLL Side Loading Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
microsoft:visiomicrosoft:visio_viewer
References
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html(secure@microsoft.com)
http://seclists.org/fulldisclosure/2016/Jun/32(secure@microsoft.com)
http://www.securityfocus.com/archive/1/538685/100/0/threaded(secure@microsoft.com)
http://www.securitytracker.com/id/1036093(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070(secure@microsoft.com)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html(secure@microsoft.com)
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Jun/32(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/538685/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036093(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070(af854a3a-2127-422b-91ae-364da2661108)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.