CVE-2016-3235
Scores
EPSS
Percentile: 81.2%
CVSS
CVSS Score: 7.8/10
All CVSS Scores
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector Breakdown
CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics
CVSS
Attack Vector
Local (L)
Describes how the vulnerability is exploited
Attack Complexity
Low (L)
Describes the conditions beyond the attacker's control
Privileges Required
None (N)
Describes the level of privileges an attacker must possess
User Interaction
Required (R)
Captures the requirement for a human user participation
Scope
Unchanged (U)
Determines if a successful attack impacts components beyond the vulnerable component
Confidentiality Impact
High (H)
Measures the impact to the confidentiality of information
Integrity Impact
High (H)
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
High (H)
Measures the impact to the availability of the impacted component
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Vector Breakdown
CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics
CVSS
Attack Vector
Network (N)
Describes how the vulnerability is exploited
Attack Complexity
Medium
Describes the conditions beyond the attacker's control
Authentication
None (N)
Describes the level of privileges an attacker must possess
Confidentiality Impact
Complete
Measures the impact to the confidentiality of information
Integrity Impact
Complete
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
Complete
Measures the impact to the availability of the impacted component
Description
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Microsoft Office OLE DLL Side Loading Vulnerability.”
Scaner-VS 7 — a modern vulnerability management solution
Sources
Related Vulnerabilities
Exploits
Exploit ID: CVE-2016-3235
Source: cisa
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Vulnerable Software (25)
Type: Configuration
Vendor: *
Product: visio
Operating System: * * *
{ "cpe_match": [ { "cpe23uri": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*", ...
{ "cpe_match": [ { "cpe23uri": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio_viewer:2007:sp3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR"}
Source: nvd
Type: Configuration
Vendor: *
Product: visio_viewer
Operating System: * * *
{ "cpe_match": [ { "cpe23uri": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*", ...
{ "cpe_match": [ { "cpe23uri": "cpe:2.3:a:microsoft:visio:2007:sp3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2010:sp2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio_viewer:2007:sp3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:a:microsoft:visio_viewer:2010:*:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR"}
Source: nvd
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB2596915
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB4493151
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 16.0.5378.1000
Operating System: Windows 5378 build 1000
Identifier: KB5002337
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 16.0.5361.1002
Operating System: Windows 5361 build 1002
Identifier: KB5002016
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 5439.1000
Operating System: Windows 5439 build 1000
Identifier: KB5002565
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 16.0.5435.1000
Operating System: Windows 5435 build 1000
Identifier: KB5002491
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 16.0.5408.1002
Operating System: Windows 5408 build 1002
Identifier: KB5002418
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB4484244
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 5374.1000
Operating System: Windows 5374 build 1000
Identifier: KB5002286
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 16.0.5465.1001
Operating System: Windows 5465 build 1001
Identifier: KB5002634
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB3115020
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 15.0.5519.1000
Operating System: Windows 5519 build 1000
Identifier: KB5002332
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 5511.1000
Operating System: Windows 5511 build 1000
Identifier: KB5002280
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB4486673
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 15.0.5579.1001
Operating System: Windows 5579 build 1001
Identifier: KB5002417
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB4464544
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 15.0.5485.1001
Operating System: Windows 5485 build 1001
Identifier: KB5002017
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB3114872
Source: msrc