CVE-2016-7193
HIGH KEVMicrosoft Office - Memory Corruption
Title source: ruleDescription
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
References (4)
Scores
CVSS v3
7.8
EPSS
0.7380
EPSS Percentile
98.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-03-03
VulnCheck KEV
2016-10-11
InTheWild.io
2016-10-11
ENISA EUVD
EUVD-2016-8058
CWE
CWE-119
Status
published
Products (9)
microsoft/office
2007 sp3
microsoft/office
2010 sp2
microsoft/office
2016
microsoft/office_compatibility_pack
microsoft/word
2010 sp2
microsoft/word
2011
microsoft/word
2013 sp1 (2 CPE variants)
microsoft/word
2016
microsoft/word_viewer
Published
Oct 14, 2016
KEV Added
Mar 03, 2022
Tracked Since
Feb 18, 2026