CVE-2016-3313

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2016 Word 2016 for Mac Word Viewer

Description The issue is caused by a buffer overflow in Microsoft Office software, including Word Viewer and Microsoft Word, allowing a remote attacker to execute arbitrary code using a specially crafted file. Multiple remote code execution vulnerabilities exist due to the software's failure to properly handle objects in memory. Successful exploitation could allow an attacker to run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office versions 2007 SP3 through 2016, update to a version that includes the fix for this issue. For Word 2016 for Mac, update to a version that includes the fix for this issue. For Word Viewer, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted files with affected versions of Microsoft Office software until a patch is available.