CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/60973
http://www.securityfocus.com/bid/70360
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:word:2010:sp2::::::
	cpe:2.3:a:microsoft:office:2011::mac:::::
	cpe:2.3:a:microsoft:office:2010:sp2::::::
	cpe:2.3:a:microsoft:word:2010:sp1::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:sp2::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:gold::::::
	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp1::::::
	cpe:2.3:a:microsoft:office:2007:sp3::::::
	cpe:2.3:a:microsoft:office:2010:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:sp1::::::

Information

Published : 2014-10-15 03:55

Updated : 2018-10-12 15:07

NVD link : CVE-2014-4117

Mitre link : CVE-2014-4117

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

microsoft

word_web_apps
office_compatibility_pack
sharepoint_server
office
word

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/60973", "name": "60973", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/70360", "name": "70360", "tags": [], "refsource": "BID"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061", "name": "MS14-061", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-4117", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2014-10-15T10:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word_web_apps:2010:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word_web_apps:2010:gold:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word_web_apps:2010:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T22:07Z"}