CVE-2016-0122

HIGH

Microsoft Excel/Word 2007-2016 & Office Compatibility Pack - Remote Code Execution via Crafted Document

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0122. PoCs published by Sébastien Morin.

AI-analyzed exploit summary This is a technical writeup detailing CVE-2026-0122, an out-of-bounds read vulnerability in Microsoft Office Excel that could lead to remote code execution. The document includes a timeline, technical details, and references to a proof-of-concept file but does not contain functional exploit code.

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sébastien Morin · textlocalwindows
https://www.exploit-db.com/exploits/39694

This is a technical writeup detailing CVE-2026-0122, an out-of-bounds read vulnerability in Microsoft Office Excel that could lead to remote code execution. The document includes a timeline, technical details, and references to a proof-of-concept file but does not contain functional exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Office Excel 2007, 2010, 2013, 2016
No auth needed
Prerequisites: User interaction to open a malicious .xlsm file
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035525
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39694/

Scores

CVSS v3 7.8
EPSS 0.4113
EPSS Percentile 98.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (7)
microsoft/excel 2007 sp3
microsoft/excel 2010 sp2
microsoft/excel 2013 sp1 (2 CPE variants)
microsoft/excel 2016
microsoft/excel_viewer
microsoft/office_compatibility_pack
microsoft/word_for_mac 2016
Published Apr 12, 2016
Tracked Since Feb 18, 2026