CVE-2016-7193
Published: 14 October 2016
Summary
CVE-2016-7193 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Microsoft Word. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server contain a memory corruption vulnerability tracked as CVE-2016-7193 and classified as CWE-119. The flaw is triggered when these components process a specially crafted RTF document, resulting in arbitrary code execution.
An unauthenticated remote attacker can exploit the issue by supplying a malicious RTF file that a user opens in an affected Microsoft Word or Office application. Successful exploitation grants the attacker the ability to execute arbitrary code with the privileges of the current user, affecting confidentiality, integrity, and availability.
The Microsoft security bulletin MS16-121, referenced in the advisory at https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121, addresses the vulnerability through security updates for the listed products and recommends applying the patches as the primary mitigation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-8058
Vulnerability details
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires applying the vendor security updates that remediate the RTF memory-corruption flaw before exploitation can occur.
Malicious-code protection mechanisms can inspect and block the crafted RTF documents used to trigger CVE-2016-7193.
Memory-protection controls (e.g., ASLR, DEP, CFG) raise the bar against successful exploitation of the underlying buffer overflow.