CVE-2016-7291
moderate-risk
Published 2016-12-20
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
Do I need to act?
!
10.9% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
LOCAL
/ LOW complexity
Affected Products (8)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/94671
Third Party Advisory
http://www.securitytracker.com/id/1037441
Third Party Advisory
http://www.securityfocus.com/bid/94671
Third Party Advisory
http://www.securitytracker.com/id/1037441
47
/ 100
moderate-risk
Severity
22/34 · High
Exploitability
11/34 · Low
Exposure
14/34 · Moderate