CVE-2016-3234

MEDIUM Year: 2016
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Related Vulnerabilities

CVE-2008-3893

MEDIUM
CVSS:5.5(Medium)

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sens...

CWE-2002008

CVE-2010-2538

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

CWE-2002010

CVE-2010-3078

MEDIUM
CVSS:5.5(Medium)

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sen...

CWE-2002010

CVE-2011-2898

MEDIUM
CVSS:5.5(Medium)

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows loc...

CWE-2002011

CVE-2011-4915

MEDIUM
CVSS:5.5(Medium)

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

CWE-2002011

CVE-2011-4916

MEDIUM
CVSS:5.5(Medium)

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

CWE-2002011