← Back

CVE-2016-3279

nvd nist
Published: Jul 13, 2016Modified: May 6, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."

Affected (14)

Microsoft
9 products
Excel
Excel Rt
Office
Office Web Apps
Powerpoint
Powerpoint Rt
Sharepoint Server
Word
Word Rt
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Excel
Version 2010 sp2
Excel
Version 2013 sp1
Excel
Version 2016
Excel Rt
Version 2013 sp1
Office
Version 2010 sp2
Office Web Apps
Version 2010 sp2
Microsoft
Powerpoint
Version 2010 sp2
Powerpoint
Version 2013 sp1
Powerpoint Rt
Version 2013 sp1
Sharepoint Server
Version 2010 sp2
Microsoft
Word
Version 2010 sp2
Word
Version 2013 sp1
Word
Version 2016
Word Rt
Version 2013 sp1

Related CWEs

CWE-254
CWE-254

References (8)

Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.