CVE-2016-7262

CVSS 7.8 HIGHEPSS 58.2%● KEV

In short

A vulnerability in Microsoft Excel allows attackers to bypass security features and execute harmful commands when a user clicks on a specially crafted cell in a spreadsheet. This is dangerous because it can let attackers take control of your computer through a malicious Excel file.

Technical detail

Microsoft Excel versions 2007-2016 and Office Compatibility Pack fail to properly validate crafted cells, allowing user-assisted remote code execution through a security feature bypass. The attack requires user interaction (clicking the cell) and affects multiple Excel versions; successful exploitation results in arbitrary command execution with user privileges.

Summary generated and translated by AI from the official description.

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7262 http://www.securityfocus.com/bid/94660 http://www.securitytracker.com/id/1037441