Cyber Resilience

CVE-2016-3235

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 16 June 2016

Published
16 June 2016
Modified
22 April 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.8116 99.2th percentile
Risk Priority 84 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2016-3235 is a high-severity an unspecified weakness vulnerability in Microsoft Visio. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

The vulnerability CVE-2016-3235 is a DLL side-loading flaw in Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010. It arises from mishandling of library loading in the Office OLE components, enabling an attacker to substitute a malicious DLL for a legitimate one.

A local attacker can exploit the issue by placing a crafted application on a system and inducing a user to execute it, resulting in privilege escalation with full control over confidentiality, integrity, and availability on the affected host.

Microsoft's security bulletin MS16-070 describes the patches released to correct the library-loading behavior in supported Visio editions and viewers.

Public references also include proof-of-concept material on Packet Storm and the Full Disclosure mailing list demonstrating the side-load technique against the listed products.

EU & UK References

Vulnerability details

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side…

more

Loading Vulnerability."

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
visio
2007, 2010, 2013, 2016
microsoft
visio viewer
2007, 2010

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires cryptographic signing of components, directly blocking substitution of a malicious DLL for a legitimate Visio/OLE library.

preventdetect

Performs integrity verification of software and libraries at load time, detecting or preventing the crafted DLL from being used.

preventdetect

Deploys malicious-code protection mechanisms (e.g., application allow-listing or behavioral blocking) that can stop side-loaded DLL execution.

References