CVE-2016-3235
Patch now. It under exploitation confirmed by CISA and has a working public exploit.
Apply updates per vendor instructions.
Microsoft Visio fails to securely load libraries, allowing an attacker to run malicious code with elevated privileges by placing a crafted file in the same directory as Visio. This is dangerous because it can give attackers full control of your computer.
DLL side-loading vulnerability in Microsoft Visio versions 2007-2016 and Visio Viewer where improper library loading mechanisms allow privilege escalation. Local attacker can exploit this by placing a malicious DLL in the application directory, which gets loaded with the privileges of the Visio process. Impact includes arbitrary code execution with elevated privileges on the affected system.