CVE-2016-3317

Description

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka Microsoft Office Memory Corruption Vulnerability.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

30.017

Associated Vulnerability

Vulnerability	OS Platform
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3115427) 64-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3115427) 32-Bit Edition	Windows
Microsoft Office Graphics Remote Code Execution Vulnerability for Microsoft Office 2007 suites (KB3114893)	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2016 (KB3115415) 64-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2016 (KB3115415) 32-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114869) 64-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114869) 32-Bit Edition	Windows
Microsoft Office Graphics Remote Code Execution Vulnerability for Word Viewer (KB3115479)	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2016 (KB3115419) 64-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2016 (KB3115419) 32-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office OneNote 2007 (KB3114456)	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2010 (KB3114885) 64-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3114340) 64-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2013 (KB3114340) 32-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2007 suites (KB3114442)	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114400) 64-Bit Edition	Windows
Microsoft OneNote Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114400) 32-Bit Edition	Windows
Microsoft Office Graphics Remote Code Execution Vulnerability for Word Viewer (KB3115480)	Windows
Microsoft Office Graphics Remote Code Execution Vulnerability for Microsoft Office Word 2007 (KB3115465)	Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB3115468) 32-Bit Edition	Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB3115468) 64-Bit Edition	Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2010 (KB3115471) 32-Bit Edition	Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2010 (KB3115471) 64-Bit Edition	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-21280	Security Update for Microsoft Office 2013 (KB3115427) 64-Bit Edition
PATCH-21279	Security Update for Microsoft Office 2013 (KB3115427) 32-Bit Edition
PATCH-21286	Security Update for Microsoft Office 2016 (KB3115415) 64-Bit Edition
PATCH-21285	Security Update for Microsoft Office 2016 (KB3115415) 32-Bit Edition
PATCH-21291	Security Update for Word Viewer (KB3115479)
PATCH-21288	Security Update for Microsoft OneNote 2016 (KB3115419) 64-Bit Edition
PATCH-21287	Security Update for Microsoft OneNote 2016 (KB3115419) 32-Bit Edition
PATCH-21265	Security Update for Microsoft Office OneNote 2007 (KB3114456)
PATCH-21274	Security Update for Microsoft OneNote 2010 (KB3114885) 64-Bit Edition
PATCH-21273	Security Update for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition
PATCH-21278	Security Update for Microsoft Office 2013 (KB3114340) 64-Bit Edition
PATCH-21277	Security Update for Microsoft Office 2013 (KB3114340) 32-Bit Edition
PATCH-21263	Security Update for Microsoft Office 2007 suites (KB3114442)
PATCH-21268	Security Update for Microsoft Office 2010 (KB3114400) 64-Bit Edition
PATCH-21267	Security Update for Microsoft Office 2010 (KB3114400) 32-Bit Edition
PATCH-21292	Security Update for Word Viewer (KB3115480)
PATCH-21266	Security Update for Microsoft Office Word 2007 (KB3115465)
PATCH-21271	Security Update for Microsoft Office 2010 (KB3115468) 32-Bit Edition
PATCH-21272	Security Update for Microsoft Office 2010 (KB3115468) 64-Bit Edition
PATCH-21275	Security Update for Microsoft Word 2010 (KB3115471) 32-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234