CyberSec.Space Logo
Back to CVE Browser

CVE-2016-3235

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score27.2500%
EPSS Percentile96.93th
PublishedJun 16, 2016
Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Visio

= 2007
πŸ“¦
Microsoft

Visio

= 2010
πŸ“¦
Microsoft

Visio

= 2013
πŸ“¦
Microsoft

Visio

= 2016
πŸ“¦
Microsoft

Visio Viewer

= 2007
πŸ“¦
Microsoft

Visio Viewer

= 2010

References & Advisories

πŸ”— http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
πŸ”— http://seclists.org/fulldisclosure/2016/Jun/32
πŸ”— http://www.securityfocus.com/archive/1/538685/100/0/threaded
πŸ”— http://www.securitytracker.com/id/1036093
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070
πŸ”— https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html
πŸ”— http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
πŸ”— http://seclists.org/fulldisclosure/2016/Jun/32

Related Vulnerabilities

CVE-2000-120910.0

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engi...

CVE-2007-09349.3

Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VS...

CVE-2006-55749.3

Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for ...

CVE-2007-09369.3

Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a ...