Lucene search

MicrosoftCVE-2014-1761

HistoryMar 25, 2014 - 1:24 p.m.

CVE-2014-1761

2014-03-2513:24:01

CWE-787

microsoft

web.nvd.nist.gov

891

In Wild

cve-2014-1761

microsoft word

remote code execution

memory corruption

rtf

nvd

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.636

Percentile

97.9%

JSON

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

Affected configurations

Nvd

Node

microsoftofficeMatch2011macos

microsoftoffice_compatibility_packMatch-sp3

microsoftoffice_web_appsMatch2010sp1

microsoftoffice_web_appsMatch2010sp2

microsoftoffice_web_apps_serverMatch2013

microsoftsharepoint_serverMatch2010sp1

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013

microsoftwordMatch2003sp3

microsoftwordMatch2007sp3

microsoftwordMatch2010sp1

microsoftwordMatch2010sp2

microsoftwordMatch2013-

microsoftwordMatch2013rt

microsoftwordMatch2013sp1-

microsoftwordMatch2013sp1rt

microsoftword_viewerMatch-

VendorProductVersionCPE
microsoftoffice2011cpe:2.3:a:microsoft:office:2011:*:*:*:*:macos:*:*
microsoftoffice_compatibility_pack-cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
microsoftoffice_web_apps_server2013cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
microsoftsharepoint_server2013cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*
microsoftword2003cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
microsoftword2007cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2011	cpe:2.3:a:microsoft:office:2011:::::macos::
microsoft	office_compatibility_pack	-	cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3::::::
microsoft	office_web_apps	2010	cpe:2.3:a:microsoft:office_web_apps:2010:sp1::::::
microsoft	office_web_apps	2010	cpe:2.3:a:microsoft:office_web_apps:2010:sp2::::::
microsoft	office_web_apps_server	2013	cpe:2.3:a:microsoft:office_web_apps_server:2013:::::::*
microsoft	sharepoint_server	2010	cpe:2.3:a:microsoft:sharepoint_server:2010:sp1::::::
microsoft	sharepoint_server	2010	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
microsoft	sharepoint_server	2013	cpe:2.3:a:microsoft:sharepoint_server:2013:::::::*
microsoft	word	2003	cpe:2.3:a:microsoft:word:2003:sp3::::::
microsoft	word	2007	cpe:2.3:a:microsoft:word:2007:sp3::::::