CVE-2016-7290 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Office	2010
Microsoft	Office Compatibility Pack	-
Microsoft	Office Web Apps	2010
Microsoft	Sharepoint Server	2010
Microsoft	Word	2007
Microsoft	Word Automation Services	-
Microsoft	Word For Mac	2011

Related Weaknesses (CWE)

CWE-125

References

http://www.securityfocus.com/bid/94670Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037441Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-14
http://www.securityfocus.com/bid/94670Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037441Third Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-14

FAQ

What is CVE-2016-7290?

CVE-2016-7290 is a vulnerability with a CVSS score of 7.1 (HIGH). Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow re...

How severe is CVE-2016-7290?

CVE-2016-7290 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-7290?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office Compatibility Pack, Microsoft Office Web Apps, Microsoft Sharepoint Server, Microsoft Word.