CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.9%
Added: 07/24/2014
CVE: CVE-2014-1761
BID: 66385
OSVDB: 104895
Microsoft Office Word is Microsoftβs word processing software, released as a component of Microsoft Office suite.
A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying an incorrect listoverridecount field. Shellcode is loaded directly from the RTF file.
This exploit has been tested against Microsoft Office 2010 SP2 English on Windows 7 SP1. The exploit does not work if the RTF file is loaded in Microsoft Word βProtected Modeβ. In addition Microsoft EMET sucessfully mitigates the exploit attempt.
Install the patch referenced in Microsoft Security Bulletin 14-017.
Windows