Cyber Resilience

CVE-2016-7193

HighCISA KEVActive ExploitationEUVD Exploited

Published: 14 October 2016

Published
14 October 2016
Modified
22 April 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.7380 98.8th percentile
Risk Priority 80 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2016-7193 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Microsoft Word. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 1.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server contain a memory corruption vulnerability tracked as CVE-2016-7193 and CWE-119. The flaw is triggered when these components process a specially crafted RTF document, resulting in arbitrary code execution.

An unauthenticated remote attacker can exploit the issue by supplying a malicious RTF file that a user opens in an affected Microsoft Word or Office application. Successful exploitation grants the attacker the ability to execute arbitrary code with the privileges of the current user, affecting confidentiality, integrity, and availability.

The Microsoft security bulletin MS16-121, referenced in the advisory at https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121, addresses the vulnerability through security updates for the listed products and recommends applying the patches as the primary mitigation.

EU & UK References

Vulnerability details

Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation…

more

Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
office
2007, 2010, 2016
microsoft
office compatibility pack
all versions
microsoft
word
2010, 2011, 2013, 2016
microsoft
word viewer
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor security updates that remediate the RTF memory-corruption flaw before exploitation can occur.

preventdetect

Malicious-code protection mechanisms can inspect and block the crafted RTF documents used to trigger CVE-2016-7193.

prevent

Memory-protection controls (e.g., ASLR, DEP, CFG) raise the bar against successful exploitation of the underlying buffer overflow.

References