CVE-2016-7268

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

Published: Dec 20, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-7268
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:N/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
microsoft / word_for_mac	2011	2011.x
microsoft / office_web_apps	2010-sp2	2010-sp2.x
microsoft / sharepoint_server	2010-sp2	2010-sp2.x
microsoft / office	2010-sp2	2010-sp2.x
microsoft / office_compatibility_pack	-	-
microsoft / word_viewer	-	-
microsoft / word	2007-sp3	2007-sp3.x

http://www.securityfocus.com/bid/94672
http://www.securitytracker.com/id/1037441
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148

Vulnerability Database

289,599

CVE-2016-7268