CVE-2016-3279
First published: Wed Jul 13 2016(Updated: )
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Excel for Mac | =2010-sp2 | |
| Microsoft Excel for Mac | =2013-sp1 | |
| Microsoft Excel for Mac | =2016 | |
| Microsoft Excel RT | =2013-sp1 | |
| Microsoft Office | =2010-sp2 | |
| Microsoft Office Web Apps | =2010-sp2 | |
| Microsoft PowerPoint | =2010-sp2 | |
| Microsoft PowerPoint | =2013-sp1 | |
| Microsoft PowerPoint | =2013-sp1 | |
| Microsoft SharePoint Server | =2010-sp2 | |
| Microsoft Word for Android | =2010-sp2 | |
| Microsoft Word for Android | =2013-sp1 | |
| Microsoft Word for Android | =2016 | |
| Microsoft Word | =2013-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3279?
CVE-2016-3279 has a severity rating of medium due to the potential for remote code execution.
How do I fix CVE-2016-3279?
To fix CVE-2016-3279, apply the latest security updates provided by Microsoft for the affected Office products.
Which software versions are affected by CVE-2016-3279?
CVE-2016-3279 affects Microsoft Office 2010 SP2, 2013 SP1, 2016, and various versions of Excel, PowerPoint, Word, and SharePoint Server.
What types of attacks can exploit CVE-2016-3279?
CVE-2016-3279 can be exploited through specially crafted documents that may allow attackers to execute arbitrary code.
Is there a workaround for CVE-2016-3279?
While there is no official workaround for CVE-2016-3279, users are advised to avoid opening untrusted documents until the patch is applied.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft excel for mac
- version/microsoft excel for mac/2010-sp2
- version/microsoft excel for mac/2013-sp1
- version/microsoft excel for mac/2016
- canonical/microsoft excel rt
- version/microsoft excel rt/2013-sp1
- canonical/microsoft office
- version/microsoft office/2010-sp2
- canonical/microsoft office web apps
- version/microsoft office web apps/2010-sp2
- canonical/microsoft powerpoint
- version/microsoft powerpoint/2010-sp2
- version/microsoft powerpoint/2013-sp1
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2010-sp2
- canonical/microsoft word for android
- version/microsoft word for android/2010-sp2
- version/microsoft word for android/2013-sp1
- version/microsoft word for android/2016
- canonical/microsoft word
- version/microsoft word/2013-sp1