|MS14-023||Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)||Microsoft Office||Important||14-05-2014|
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens an Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that affected Microsoft Office software handles the loading of dynamic-link library (.dll) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Further information on this exploit is available at : MS14-023
Affected SoftwareMicrosoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT