CVE-2016-3313

HIGH

Microsoft Office 2007-2016 & Word Viewer RCE via Crafted File


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3313. PoCs published by COSIG.

AI-analyzed exploit summary: This is a technical writeup for CVE-2016-3313, a remote code execution vulnerability in Microsoft Word due to an invalid WordDocumentStream. The advisory includes a timeline, technical details, and references to external PoC files.

Description

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by COSIG · text · local · windows
https://www.exploit-db.com/exploits/40224

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Office Word 2007, 2010, 2013, 2016
No auth needed
Prerequisites: User interaction required to open a malicious .doc file
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036559
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40224/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92289

Scores

CVSS v3 7.8
EPSS 0.4983
EPSS Percentile 98.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-119
Status published
Products (5)
microsoft/office 2007 sp3
microsoft/office 2010 sp2 (2 CPE variants)
microsoft/office 2013 sp1
microsoft/word_for_mac 2016
microsoft/word_viewer
Published Aug 09, 2016
Tracked Since Feb 18, 2026