CVE-2014-1757
Microsoft Office Compatibility Pack and Word - Remote Code Execution via Crafted Document Conversion
Title source: llmDescription
Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/882841
Scores
EPSS
0.1731
EPSS Percentile
96.7%
Details
CWE
CWE-119
Status
published
Products (3)
microsoft/office_compatibility_pack
microsoft/word
2007 sp3
microsoft/word
2010 sp1 (2 CPE variants)
Published
Apr 08, 2014
Tracked Since
Feb 18, 2026