Skip to main content
CVE-2016-7262 HIGH KEV PATCH THREAT Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 87.1%.

Authentication Bypass Microsoft
NVD
CVSS 3.1
7.8
EPSS
87.1%
Threat
5.7
CVE-2016-7286 HIGH POC THREAT Act Now

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 82.7%.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
82.7%
Threat
5.5
CVE-2016-7288 HIGH POC THREAT Act Now

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 79.3%.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
79.3%
Threat
5.4
CVE-2016-7287 HIGH POC THREAT Act Now

The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.3%.

Denial Of Service RCE Buffer Overflow Microsoft Edge +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
78.3%
Threat
5.4
CVE-2016-7274 HIGH POC THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.4%.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
38.4%
Threat
4.4
CVE-2016-7272 HIGH Act Now

The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.1% and no vendor patch available.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
33.1%
CVE-2016-7296 HIGH Act Now

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 37.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
37.4%
CVE-2016-7270 HIGH Act Now

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.0% and no vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 3.0
7.5
EPSS
37.0%
CVE-2016-7289 HIGH Act Now

Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Publisher
NVD
CVSS 3.0
7.8
EPSS
34.2%
CVE-2016-7297 HIGH Act Now

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 35.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
35.2%
CVE-2016-7279 HIGH Act Now

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.6% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge +1
NVD
CVSS 3.0
7.5
EPSS
32.6%
CVE-2016-7283 HIGH Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.0% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
23.0%
CVE-2016-7273 HIGH Act Now

The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.2% and no vendor patch available.

RCE Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
8.8
EPSS
21.2%
CVE-2016-7181 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 27.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
27.3%
CVE-2016-7298 HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office +1
NVD
CVSS 3.0
7.8
EPSS
18.9%
CVE-2016-7263 HIGH Act Now

Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Excel For Mac
NVD
CVSS 3.0
7.8
EPSS
18.9%
CVE-2016-7266 HIGH Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 16.9% and no vendor patch available.

Authentication Bypass Microsoft Excel Excel For Mac Excel Viewer +1
NVD
CVSS 3.0
7.8
EPSS
16.9%
CVE-2016-7277 CRITICAL Act Now

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
9.6
EPSS
5.0%
CVE-2016-4552 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-7267 MEDIUM This Month

Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 21.7% and no vendor patch available.

RCE Microsoft Excel
NVD
CVSS 3.0
5.5
EPSS
21.7%
CVE-2016-7281 MEDIUM This Month

The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.5% and no vendor patch available.

Authentication Bypass Microsoft Edge Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
22.5%
CVE-2016-7264 HIGH Act Now

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 11.3% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Excel +3
NVD
CVSS 3.0
7.1
EPSS
11.3%
CVE-2016-7278 MEDIUM This Month

Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.2% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
20.2%
CVE-2016-7291 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +6
NVD
CVSS 3.0
7.1
EPSS
10.9%
CVE-2016-7290 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +6
NVD
CVSS 3.0
7.1
EPSS
10.9%
CVE-2016-7268 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +6
NVD
CVSS 3.0
7.1
EPSS
10.9%
CVE-2016-7257 MEDIUM This Month

The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

Information Disclosure Microsoft Office For Mac Windows 7 Windows Server 2008 +1
NVD
CVSS 3.0
6.5
EPSS
13.3%
CVE-2016-7265 HIGH Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.3% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Excel +3
NVD
CVSS 3.0
7.1
EPSS
10.3%
CVE-2016-7284 MEDIUM This Month

Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.2% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
24.2%
CVE-2016-7276 HIGH This Week

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +1
NVD
CVSS 3.0
7.1
EPSS
8.6%
CVE-2016-7259 HIGH This Week

The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2016-7292 HIGH This Week

The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2016-7275 HIGH This Week

Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-7300 HIGH This Week

Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Auto Updater For Mac
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-7260 HIGH This Week

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-7271 HIGH This Week

The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-7280 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Microsoft Edge
NVD
CVSS 3.0
6.1
EPSS
7.6%
CVE-2016-7206 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Microsoft Edge
NVD
CVSS 3.0
6.1
EPSS
7.6%
CVE-2016-7282 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Microsoft Edge Internet Explorer
NVD
CVSS 3.0
6.1
EPSS
5.1%
CVE-2016-5303 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Groupware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-7219 MEDIUM This Month

The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2016-7295 MEDIUM This Month

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2016-7258 MEDIUM This Month

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2016-9757 MEDIUM This Month

In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexpose
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy