CVE-2016-3316

HIGH

Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac - Remote Code Execution via Crafted File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3316. PoCs published by COSIG.

AI-analyzed exploit summary The document describes CVE-2016-3316, a vulnerability in Microsoft Word 2013/2016 involving improper parsing of 'sprmSdyaTop' in SEPX structures, leading to out-of-bounds read and potential arbitrary code execution. It includes a report timeline and references to PoC files but does not contain exploit code.

Description

Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by COSIG · textdosmultiple
https://www.exploit-db.com/exploits/40238

The document describes CVE-2016-3316, a vulnerability in Microsoft Word 2013/2016 involving improper parsing of 'sprmSdyaTop' in SEPX structures, leading to out-of-bounds read and potential arbitrary code execution. It includes a report timeline and references to PoC files but does not contain exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Office Word 2013, 2016
No auth needed
Prerequisites: Victim must open a malicious Word document
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036559
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92300
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40238/

Scores

CVSS v3 7.8
EPSS 0.4719
EPSS Percentile 98.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (3)
microsoft/word 2013 sp1 (2 CPE variants)
microsoft/word 2016
microsoft/word_for_mac 2016
Published Aug 09, 2016
Tracked Since Feb 18, 2026