Published: 16/06/2016 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft visio viewer 2010
microsoft visio viewer 2007
microsoft visio 2016
microsoft visio 2013
microsoft visio 2010
microsoft visio 2007

require 'zip' require 'base64' require 'msf/core' require 'rex/ole' class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::EXE def initialize(info = {}) super(update_info(info, 'Name' => 'Office OLE Multiple DLL Side Loading Vulnerabilities', 'Descri ...

CWE-264 http://seclists.org/fulldisclosure/2016/Jun/32 http://www.securitytracker.com/id/1036093 http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html http://www.securityfocus.com/archive/1/538685/100/0/threaded https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 https://nvd.nist.gov https://www.exploit-db.com/exploits/41706/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-3235

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect