Lucene search
3S LabsZDI-14-350HistoryOct 14, 2014 - 12:00 a.m.
Microsoft Word Style Tag Use-After-Free Remote Code Execution Vulnerability
2014-10-1400:00:00
3S Labs
www.zerodayinitiative.com
14
0.823 High
EPSS
Percentile
98.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of style tags. By nesting a specific style tag within another, an attacker is able to cause a pointer to be used after the underlying object has been freed. This could be used to execute arbitrary code in the context of the current user.
Related
cve
cve
CVE-2014-4117
2014-10-15 10:55:07
nessus
nessus
openvas
openvas
Microsoft Office Web Apps Memory Corruption Vulnerability (3000434)
2014-10-15 00:00:00
Microsoft SharePoint Server WAS Memory Corruption Vulnerability (3000434)
2014-10-15 00:00:00
prion
prion
Format string
2014-10-15 10:55:00
cvelist
cvelist
CVE-2014-4117
2014-10-15 10:00:00
nvd
nvd
CVE-2014-4117
2014-10-15 10:55:07
symantec
symantec
mskb
mskb
checkpoint_advisories
checkpoint_advisories
Microsoft Word Memory Corruption (MS14-061: CVE-2014-4117)
2014-10-14 00:00:00
securityvulns
securityvulns
Microsoft Word code execution
2014-10-15 00:00:00
kaspersky
kaspersky
KLA10616 Multiple vulnerabilities in Microsoft Office
2014-12-09 00:00:00