CVE-2016-7262
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
Published
2016-12-20T06:59:00.373
Last Modified
2025-10-22T00:15:55.913
Status
Deferred
Source
[email protected]
Severity
CVSSv3.1: 7.8 (HIGH)
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
Exploitability Score
8.6
Impact Score
6.4
Weaknesses
-
Type: Primary
NVD-CWE-noinfo
Affected Vendors & Products
References
-
http://www.securityfocus.com/bid/94660
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securitytracker.com/id/1037441
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148
Patch, Vendor Advisory
([email protected])
-
http://www.securityfocus.com/bid/94660
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securitytracker.com/id/1037441
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148
Patch, Vendor Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7262
(134c704f-9b21-4f2e-91b3-4a467353bcc0)