CVE-2016-3357

HIGH

Microsoft Office - Memory Corruption

Title source: rule

Description

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/40406

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92786

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036785

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40406/

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107

Scores

CVSS v3 7.8

EPSS 0.3241

EPSS Percentile 96.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (11)

microsoft/office 2007 sp3

microsoft/office 2010 sp2

microsoft/office 2013 sp1

microsoft/office 2016

microsoft/office_web_apps 2010 sp2

microsoft/office_web_apps_server 2013 sp1

microsoft/sharepoint_foundation 2010 sp2

microsoft/sharepoint_foundation 2013 sp1

microsoft/word_for_mac 2011

microsoft/word_for_mac 2016

... and 1 more

Published Sep 14, 2016

Tracked Since Feb 18, 2026