Vulnerability Details CVE-2016-7262
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.852
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
Proposed Action
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/94660
- http://www.securitytracker.com/id/1037441
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148
- http://www.securityfocus.com/bid/94660
- http://www.securitytracker.com/id/1037441
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148
Products affected by CVE-2016-7262
-
cpe:2.3:a:microsoft:excel:2007
-
cpe:2.3:a:microsoft:excel:2010
-
cpe:2.3:a:microsoft:excel:2013
-
cpe:2.3:a:microsoft:excel:2016
-
cpe:2.3:a:microsoft:excel_viewer:-
-
cpe:2.3:a:microsoft:office_compatibility_pack:-