Home

CVE-2016-7266

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka Microsoft Office Security Feature Bypass Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
16.891

Associated Vulnerability

VulnerabilityOS Platform
Windows GDI Information Disclosure Vulnerability for Microsoft Office Word 2007 (KB3128025)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Word 2010 (KB3128034) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Word 2010 (KB3128034) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft SharePoint Server 2010 (KB3128026)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB3128024)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Web Applications (KB3128035)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3128032) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3128032) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Publisher 2010 (KB3114395) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Publisher 2010 (KB3114395) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB3128022)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2010 (KB3128037) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2010 (KB3128037) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2016 (KB3128016) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2016 (KB3128016) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office Excel Viewer 2007 (KB3128023)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2013 (KB3128008) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2013 (KB3128008) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2007 suites (KB2883033)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB2889841) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB2889841) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Word Viewer (KB3127995)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2013 (KB3127968) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2013 (KB3127968) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2016 (KB3127986) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2016 (KB3127986) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3118380) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3118380) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2007 suites (KB3128020)Windows
Windows GDI Information Disclosure Vulnerability for Word Viewer (KB3128043)Windows
Microsoft Excel Security Feature Bypass Vulnerability for Microsoft Office Excel 2007 (KB3128019)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-21859Security Update for Microsoft Office Word 2007 (KB3128025)
PATCH-21864Security Update for Microsoft Word 2010 (KB3128034) 32-Bit Edition
PATCH-21880Security Update for Microsoft SharePoint Server 2010 (KB3128026)
PATCH-21871Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3128024)
PATCH-21883Security Update for Microsoft Web Applications (KB3128035)
PATCH-21861Security Update for Microsoft Office 2010 (KB3128032) 64-Bit Edition
PATCH-21860Security Update for Microsoft Office 2010 (KB3128032) 32-Bit Edition
PATCH-21870Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3128022)
PATCH-21863Security Update for Microsoft Excel 2010 (KB3128037) 64-Bit Edition
PATCH-21862Security Update for Microsoft Excel 2010 (KB3128037) 32-Bit Edition
PATCH-21869Security Update for Microsoft Excel 2016 (KB3128016) 64-Bit Edition
PATCH-21868Security Update for Microsoft Excel 2016 (KB3128016) 32-Bit Edition
PATCH-21872Security Update for Microsoft Office Excel Viewer 2007 (KB3128023)
PATCH-21867Security Update for Microsoft Excel 2013 (KB3128008) 64-Bit Edition
PATCH-21866Security Update for Microsoft Excel 2013 (KB3128008) 32-Bit Edition
PATCH-21875Security Update for Microsoft Office 2007 suites (KB2883033)
PATCH-21882Security Update for Microsoft Office 2010 (KB2889841) 64-Bit Edition
PATCH-21881Security Update for Microsoft Office 2010 (KB2889841) 32-Bit Edition
PATCH-21893Security Update for Word Viewer (KB3127995)
PATCH-21888Security Update for Microsoft Office 2013 (KB3127968) 64-Bit Edition
PATCH-21887Security Update for Microsoft Office 2013 (KB3127968) 32-Bit Edition
PATCH-21890Security Update for Microsoft Office 2016 (KB3127986) 64-Bit Edition
PATCH-21889Security Update for Microsoft Office 2016 (KB3127986) 32-Bit Edition
PATCH-21892Security Update for Word Viewer (KB3128043)
PATCH-21858Security Update for Microsoft Office Excel 2007 (KB3128019)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234