Back to KEVs

CVE-2016-3235

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 15, 2016
Published Date: June 16, 2016
Last Updated: February 10, 2025
Vendor: n/a
Product: n/a
Description: Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

CVSS Scores

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-070 http://www.securityfocus.com/archive/1/538685/100/0/threaded http://www.securitytracker.com/id/1036093 http://packetstormsecurity.com/files/137490/Microsoft-Visio-DLL-Hijacking.html http://seclists.org/fulldisclosure/2016/Jun/32

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/office_ole_multiple_dll_hijack.rb	2025-04-29 11:01:35 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

office_ole_multiple_dll_hijack

Type: metasploit • Created: Unknown

Metasploit module for CVE-2016-3235