CVE-2016-3235
critical-risk
Published 2016-06-16
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Do I need to act?
81.2% chance of exploitation in next 30 days
EPSS score — higher than 19% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 · High · LOCAL / LOW complexity
Affected Products (6)
Affected Vendors
References (13)
Third Party Advisory
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html
Mailing List
http://seclists.org/fulldisclosure/2016/Jun/32
Broken Link
http://www.securitytracker.com/id/1036093
71 / 100 · critical-risk
Severity: 24/34 · High
Exploitability: 34/34 · Critical
Exposure: 13/34 · Low