Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
Microsoft Office Word versions 2007, 2010, 2013, and 2016 suffer from an out-of-bounds read that allows for remote code execution. This vulnerability is noted in MS16-099.