Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1757

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2014-1757
Last Modified 09 Apr 2014 08:49:25
Published 08 Apr 2014 07:55:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1757

Summary

Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office Compatibility Pack

  • Microsoft Word 2007

  • Microsoft Word 2010


References

MS - MS14-017

Related Patches

MS14-017 Security Update for Microsoft Office Word 2007 (KB2878237)

MS14-017 Security Update for Microsoft SharePoint Server 2010 (KB2878220)

MS14-017 Security Update for Microsoft Office 2007 suites (KB2878236)

MS14-017 Security Update for Microsoft Office 2010 32-Bit Edition (KB2863919)

MS14-017 Security Update for Word Viewer (KB2878304)

MS14-017 Security Update for Microsoft Word 2013 32-Bit Edition (KB2863910)

MS14-017 Security Update for Microsoft Word 2010 32-Bit Edition (KB2863926)

MS14-017 Security Update for Word 2003 (KB2878303)

MS14-017 Security Update for Microsoft Web Applications (KB2878221)

MS14-017 Security Update for Microsoft Office Web Apps Server 2013 (KB2878219)

MS14-017 Security Update for Microsoft SharePoint Enterprise Server 2013 (KB2863907)

MS14-017 Security Update for Microsoft Word 2010 64-Bit Edition (KB2863926)

MS14-017 Security Update for Microsoft Word 2013 64-Bit Edition (KB2863910)

MS14-017 Security Update for Microsoft Office 2010 64-Bit Edition (KB2863919)


Last Updated: 27 May 2016 11:04:52