Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2016/Jun/32 | Mailing List Third Party Advisory |
http://www.securityfocus.com/archive/1/538685/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036093 | Broken Link Third Party Advisory VDB Entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 | Patch Vendor Advisory |
https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jul 2024, 17:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html - Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2016/Jun/32 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/538685/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1036093 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 - Patch, Vendor Advisory | |
References | () https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html - Exploit, Third Party Advisory | |
CWE | NVD-CWE-noinfo |
Information
Published : 2016-06-16 01:59
Updated : 2024-07-24 17:05
NVD link : CVE-2016-3235
Mitre link : CVE-2016-3235
CVE.ORG link : CVE-2016-3235
JSON object : View
Products Affected
microsoft
- visio_viewer
- visio
CWE