CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS14-081 | Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301) | Microsoft Office | Critical | 10-12-2014 |
Technical Information
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Word and Microsoft Office Web Apps. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software.
Detailed Information on the risk:
A remote code execution vulnerability exists in how Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.Further information on this exploit is available at : MS14-081
Affected Software
Microsoft Office 2007Microsoft Office 2010
Microsoft Word 2010
Microsoft Office 2013 and Microsoft Office 2013 RT
Microsoft Office for Mac
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3