CVE-2016-0012 [Medium] | Information Disclosure in Excel

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	10.64%	11.20%	+0.55%
2	2026-04-21	13.31%	10.64%	-2.67%
3	2025-03-30	—	13.31%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

10.64%

11.20%

+0.55%

2026-04-21

13.31%

10.64%

-2.67%

2025-03-30

—

13.31%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.3	3.0	MEDIUM	`CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:R) A real person has to do something—click, install, enable—otherwise it doesn’t land. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	2.8	1.4	[email protected]
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.3

3.0

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R): A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

2.8

1.4

[email protected]

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

Affected software / configurations for CVE-2016-0012

Vendor	Product	Version	Raw CPE
microsoft	excel	2007	cpe:2.3:a:microsoft:excel:2007:sp3::::::
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2:::::x64:*
microsoft	excel	2010	cpe:2.3:a:microsoft:excel:2010:sp2:::::x86:*
microsoft	excel	2013	cpe:2.3:a:microsoft:excel:2013:sp1::::::
microsoft	excel	2013	cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::*
microsoft	excel	2016	cpe:2.3:a:microsoft:excel:2016:::::::*
microsoft	office	2007	cpe:2.3:a:microsoft:office:2007:sp3::::::
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:x64:::::*
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:x86:::::*
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013:sp1::::::
microsoft	office	2016	cpe:2.3:a:microsoft:office:2016:::::::*
microsoft	powerpoint	2010	cpe:2.3:a:microsoft:powerpoint:2010:sp2::::::
microsoft	powerpoint	2013	cpe:2.3:a:microsoft:powerpoint:2013:sp1::::::
microsoft	powerpoint	2013	cpe:2.3:a:microsoft:powerpoint:2013:sp1:::rt:::*
microsoft	powerpoint	2016	cpe:2.3:a:microsoft:powerpoint:2016:::::::*
microsoft	visio	2007	cpe:2.3:a:microsoft:visio:2007:sp3::::::
microsoft	visio	2010	cpe:2.3:a:microsoft:visio:2010:sp2::::::
microsoft	visio	2013	cpe:2.3:a:microsoft:visio:2013:sp1::::::
microsoft	visio	2016	cpe:2.3:a:microsoft:visio:2016:::::::*
microsoft	visual_basics	6.0	cpe:2.3:a:microsoft:visual_basics:6.0::::rt:::
microsoft	word	2007	cpe:2.3:a:microsoft:word:2007:sp3::::::
microsoft	word	2010	cpe:2.3:a:microsoft:word:2010:sp2::::::
microsoft	word	2013	cpe:2.3:a:microsoft:word:2013:sp1::::::
microsoft	word	2013	cpe:2.3:a:microsoft:word:2013:sp1:::rt:::*
microsoft	word	2016	cpe:2.3:a:microsoft:word:2016:::::::*

References for CVE-2016-0012

URL	Tags
http://www.securitytracker.com/id/1034651
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004

URL

CVE-2016-0012

Exploit prediction scoring system (EPSS) score for CVE-2016-0012

Common vulnerability scoring system (CVSS) metrics for CVE-2016-0012

Weakness enumeration for CVE-2016-0012

Affected software / configurations for CVE-2016-0012

References for CVE-2016-0012