Home

CVE-2016-7290

Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka Microsoft Office Information Disclosure Vulnerability, a different vulnerability than CVE-2016-7291.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
10.943

Associated Vulnerability

VulnerabilityOS Platform
Windows GDI Information Disclosure Vulnerability for Microsoft Office Word 2007 (KB3128025)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Word 2010 (KB3128034) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Word 2010 (KB3128034) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft SharePoint Server 2010 (KB3128026)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB3128024)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Web Applications (KB3128035)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3128032) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3128032) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Publisher 2010 (KB3114395) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Publisher 2010 (KB3114395) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB3128022)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2010 (KB3128037) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2010 (KB3128037) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2016 (KB3128016) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2016 (KB3128016) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office Excel Viewer 2007 (KB3128023)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2013 (KB3128008) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Excel 2013 (KB3128008) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2007 suites (KB2883033)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB2889841) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB2889841) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Word Viewer (KB3127995)Windows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2013 (KB3127968) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2013 (KB3127968) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2016 (KB3127986) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2016 (KB3127986) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3118380) 64-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2010 (KB3118380) 32-Bit EditionWindows
Windows GDI Information Disclosure Vulnerability for Microsoft Office 2007 suites (KB3128020)Windows
Windows GDI Information Disclosure Vulnerability for Word Viewer (KB3128043)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-21859Security Update for Microsoft Office Word 2007 (KB3128025)
PATCH-21864Security Update for Microsoft Word 2010 (KB3128034) 32-Bit Edition
PATCH-21880Security Update for Microsoft SharePoint Server 2010 (KB3128026)
PATCH-21871Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3128024)
PATCH-21883Security Update for Microsoft Web Applications (KB3128035)
PATCH-21861Security Update for Microsoft Office 2010 (KB3128032) 64-Bit Edition
PATCH-21860Security Update for Microsoft Office 2010 (KB3128032) 32-Bit Edition
PATCH-21870Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3128022)
PATCH-21863Security Update for Microsoft Excel 2010 (KB3128037) 64-Bit Edition
PATCH-21862Security Update for Microsoft Excel 2010 (KB3128037) 32-Bit Edition
PATCH-21869Security Update for Microsoft Excel 2016 (KB3128016) 64-Bit Edition
PATCH-21868Security Update for Microsoft Excel 2016 (KB3128016) 32-Bit Edition
PATCH-21872Security Update for Microsoft Office Excel Viewer 2007 (KB3128023)
PATCH-21867Security Update for Microsoft Excel 2013 (KB3128008) 64-Bit Edition
PATCH-21866Security Update for Microsoft Excel 2013 (KB3128008) 32-Bit Edition
PATCH-21875Security Update for Microsoft Office 2007 suites (KB2883033)
PATCH-21882Security Update for Microsoft Office 2010 (KB2889841) 64-Bit Edition
PATCH-21881Security Update for Microsoft Office 2010 (KB2889841) 32-Bit Edition
PATCH-21893Security Update for Word Viewer (KB3127995)
PATCH-21888Security Update for Microsoft Office 2013 (KB3127968) 64-Bit Edition
PATCH-21887Security Update for Microsoft Office 2013 (KB3127968) 32-Bit Edition
PATCH-21890Security Update for Microsoft Office 2016 (KB3127986) 64-Bit Edition
PATCH-21889Security Update for Microsoft Office 2016 (KB3127986) 32-Bit Edition
PATCH-21892Security Update for Word Viewer (KB3128043)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234