CVE-2016-3235
Microsoft Office OLE DLL Side Loading Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3 y Visio Viewer 2010 no maneja adecuadamente la carga de librerías, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Microsoft Office OLE DLL Side Loading Vulnerability."
Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-08 First Exploit
- 2016-03-15 CVE Reserved
- 2016-06-15 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-10-20 EPSS Updated
CWE
CAPEC
References (18)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/41706 | 2015-12-08 | |
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | 2024-07-24 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2007 Search vendor "Microsoft" for product "Visio" and version "2007" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2010 Search vendor "Microsoft" for product "Visio" and version "2010" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2013 Search vendor "Microsoft" for product "Visio" and version "2013" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visio Search vendor "Microsoft" for product "Visio" | 2016 Search vendor "Microsoft" for product "Visio" and version "2016" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visio Viewer Search vendor "Microsoft" for product "Visio Viewer" | 2007 Search vendor "Microsoft" for product "Visio Viewer" and version "2007" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visio Viewer Search vendor "Microsoft" for product "Visio Viewer" | 2010 Search vendor "Microsoft" for product "Visio Viewer" and version "2010" | - |
Affected
|