CVE-2016-3235
HIGH | CISA KEV | 7.8
Description
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
CVE Details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 6/16/2016
Last modified: 4/22/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Microsoft
Product: Office
Vulnerability name: Microsoft Office OLE DLL Side Loading Vulnerability
KEV date added: 2021-11-03
Remediation deadline: 2022-05-03
Ransomware use: Unknown
Affected products
microsoft:visio
microsoft:visio_viewer
References
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html (secure@microsoft.com)
http://seclists.org/fulldisclosure/2016/Jun/32 (secure@microsoft.com)
http://www.securityfocus.com/archive/1/538685/100/0/threaded (secure@microsoft.com)
http://www.securitytracker.com/id/1036093 (secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 (secure@microsoft.com)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html (secure@microsoft.com)
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Jun/32 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/538685/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036093 (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 (af854a3a-2127-422b-91ae-364da2661108)
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3235 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.