PT-2016-2573 · Microsoft · Office Word
Francis Provencher · Published 2016-08-09 · Updated 2018-10-12 · CVE-2016-3316
| CVSS v2.0 | 9.3 (High) |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Word versions 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac
Description
The issue is caused by a buffer overflow in the text editor, allowing remote attackers to execute arbitrary code via a crafted file. Multiple remote code execution vulnerabilities exist in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.
Recommendations
For Microsoft Word 2013 SP1, update to a version that fixes the buffer overflow issue.
For Microsoft Word 2013 RT SP1, apply the necessary patch to handle objects in memory properly.
For Microsoft Word 2016, ensure that all users are cautious when opening files from unknown sources and consider restricting user rights to minimize the impact of potential exploitation.
For Microsoft Word 2016 for Mac, avoid opening specially crafted files until a patch is available.
As a temporary workaround, consider disabling the ability to open specially crafted files in all affected versions until a patch is available.
Exploit
Fix
RCE
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Office Word