<< Back
CVE Number Vulnerability Product Severity Date
MS14-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037) Microsoft Office Important 14-05-2014

Technical Information

Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens an Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that affected Microsoft Office software handles the loading of dynamic-link library (.dll) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


Further information on this exploit is available at : MS14-023

Affected Software

Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013 and Microsoft Office 2013 RT