CVE-2016-0010: Buffer Overflow
First published: Wed Jan 13 2016(Updated: )
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Excel | =2011 | |
| Microsoft Excel | =2016 | |
| Microsoft Office | =2007-sp3 | |
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2013-sp1 | |
| Microsoft Office | =2016 | |
| Microsoft PowerPoint for Mac | =2011 | |
| Microsoft PowerPoint for Mac | =2016 | |
| Microsoft Word | =2011 | |
| Microsoft Word | =2016 | |
| Microsoft Office Word Viewer |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0010?
CVE-2016-0010 is classified as a critical vulnerability that allows remote attackers to execute arbitrary code.
How do I fix CVE-2016-0010?
To fix CVE-2016-0010, users should apply the latest security updates provided by Microsoft for the affected Office products.
Which versions of Microsoft Office are affected by CVE-2016-0010?
CVE-2016-0010 affects Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, as well as several versions of Excel, Word, and PowerPoint for Mac.
Can CVE-2016-0010 be exploited without user interaction?
Yes, CVE-2016-0010 can potentially be exploited without user interaction if a victim opens a specially crafted file.
Is it necessary to uninstall Microsoft Office to resolve CVE-2016-0010?
No, it is not necessary to uninstall Microsoft Office; simply updating to the latest patched version is sufficient to mitigate the risk.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft excel
- version/microsoft excel/2011
- version/microsoft excel/2016
- canonical/microsoft office
- version/microsoft office/2007-sp3
- version/microsoft office/2010-sp2
- version/microsoft office/2013-sp1
- version/microsoft office/2016
- canonical/microsoft powerpoint for mac
- version/microsoft powerpoint for mac/2011
- version/microsoft powerpoint for mac/2016
- canonical/microsoft word
- version/microsoft word/2011
- version/microsoft word/2016
- canonical/microsoft office word viewer