CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-3235

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score27.2500%
EPSS Percentile96.93th
Published2016年6月16日
Last Modified2026年4月22日

Vulnerability Description

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

Visio

= 2007
📦
Microsoft

Visio

= 2010
📦
Microsoft

Visio

= 2013
📦
Microsoft

Visio

= 2016
📦
Microsoft

Visio Viewer

= 2007
📦
Microsoft

Visio Viewer

= 2010

References & Advisories

🔗 http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
🔗 http://seclists.org/fulldisclosure/2016/Jun/32
🔗 http://www.securityfocus.com/archive/1/538685/100/0/threaded
🔗 http://www.securitytracker.com/id/1036093
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070
🔗 https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html
🔗 http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
🔗 http://seclists.org/fulldisclosure/2016/Jun/32

相关漏洞威胁

CVE-2000-120910.0

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engi...

CVE-2007-09349.3

Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VS...

CVE-2006-55749.3

Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for ...

CVE-2007-09369.3

Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a ...