CVE-2016-3366

medium

Published 2016-09-14 · Modified 2026-05-06

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2

4.3

VIR risk

6.5

Description

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
microsoft	outlook	`2007`
microsoft	outlook	`2010`
microsoft	outlook	`2013`
microsoft	outlook	`2016`

References

http://www.securityfocus.com/bid/92831
http://www.securitytracker.com/id/1036785
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107
http://www.securityfocus.com/bid/92831
http://www.securitytracker.com/id/1036785
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.