CVE-2014-1757

Microsoft Office Compatibility Pack and Word - Remote Code Execution via Crafted Document Conversion

Title source: llm
STIX 2.1

Description

Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/882841

Scores

EPSS 0.1731
EPSS Percentile 96.7%

Details

CWE
CWE-119
Status published
Products (3)
microsoft/office_compatibility_pack
microsoft/word 2007 sp3
microsoft/word 2010 sp1 (2 CPE variants)
Published Apr 08, 2014
Tracked Since Feb 18, 2026