Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3313

CWE-119 — Buffer Overflow5 documents5 sources

Severity

7.8HIGH

EPSS

50.3%

top 2.16%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Office Microsoft Word FOR MAC

Timeline

PublishedAug 9

Latest updateMay 14

Description

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/word2016

▶NVDmicrosoft/office2007, 2010, 2013+2

🔴Vulnerability Details

GHSA

GHSA-95w3-6v7m-h37f: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary c↗2022-05-14

▶

CVEList

CVE-2016-3313: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary c↗2016-08-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)↗2016-08-10

▶

📋Vendor Advisories

Microsoft

Microsoft Office Memory Corruption Vulnerability↗2016-08-09

▶