Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3316

CWE-119Buffer Overflow6 documents5 sources
Severity
7.8HIGH
EPSS
50.3%
top 2.16%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft WordMicrosoft Word FOR MAC
Timeline
PublishedAug 9
Latest updateMay 14

Description

Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDmicrosoft/word2013, 2016+1

🔴Vulnerability Details

2
GHSA
GHSA-862r-gj4m-5gp9: Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Offic2022-05-14
CVEList
CVE-2016-3316: Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Offic2016-08-09

💥Exploits & PoCs

1
Exploit-DB
Microsoft Word 2013/2016 - sprmSdyaTop Denial of Service (MS16-099)2016-08-16

📋Vendor Advisories

1
Microsoft
Microsoft Office Memory Corruption Vulnerability2016-08-09
CVE-2016-3316 (HIGH CVSS 7.8) | Microsoft Word 2013 SP1 | cvebase.io