// For flags

CVE-2016-3235

Microsoft Office OLE DLL Side Loading Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3 y Visio Viewer 2010 no maneja adecuadamente la carga de librerías, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Microsoft Office OLE DLL Side Loading Vulnerability."

Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-12-08 First Exploit
  • 2016-03-15 CVE Reserved
  • 2016-06-15 CVE Published
  • 2021-11-03 Exploited in Wild
  • 2022-05-03 KEV Due Date
  • 2024-08-05 CVE Updated
  • 2024-10-20 EPSS Updated
CWE
CAPEC
References (18)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Visio
Search vendor "Microsoft" for product "Visio"
2007
Search vendor "Microsoft" for product "Visio" and version "2007"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Visio
Search vendor "Microsoft" for product "Visio"
2010
Search vendor "Microsoft" for product "Visio" and version "2010"
sp2
Affected
Microsoft
Search vendor "Microsoft"
Visio
Search vendor "Microsoft" for product "Visio"
2013
Search vendor "Microsoft" for product "Visio" and version "2013"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Visio
Search vendor "Microsoft" for product "Visio"
2016
Search vendor "Microsoft" for product "Visio" and version "2016"
-
Affected
Microsoft
Search vendor "Microsoft"
Visio Viewer
Search vendor "Microsoft" for product "Visio Viewer"
2007
Search vendor "Microsoft" for product "Visio Viewer" and version "2007"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Visio Viewer
Search vendor "Microsoft" for product "Visio Viewer"
2010
Search vendor "Microsoft" for product "Visio Viewer" and version "2010"
-
Affected