HTTP: Microsoft Office CVE-2016-7264 Remote Code Execution
An out of bounds read vulnerability has been reported in Microsoft Office. The vulnerability is due to failure in handling certain objects in memory which leads to an out of bound memory read. Successful exploitation allows the attacker to retrieve information that could lead to an Address Space Layout Randomization bypass.
Extended Description
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
Affected Products
Microsoft office_compatibility_pack
References
CVE: CVE-2016-7264
Short Name
HTTP:STC:DL:CVE-2016-7264-RCE
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-7264 Code Execution Microsoft Office Remote
Release Date
12/13/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.8