CVE-2014-4117

Microsoft Office/Word 2007/2010, Office for Mac 2011, SharePoint Server 2010 - RCE via Crafted Word Document

Title source: llm
STIX 2.1

Description

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70360
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60973

Scores

EPSS 0.1746
EPSS Percentile 96.8%

Details

CWE
CWE-20
Status published
Products (7)
microsoft/office 2007 sp3
microsoft/office 2010 sp1 (2 CPE variants)
microsoft/office 2011
microsoft/office_compatibility_pack
microsoft/sharepoint_server 2010 sp1 (2 CPE variants)
microsoft/word 2010 sp1 (2 CPE variants)
microsoft/word_web_apps 2010 gold (3 CPE variants)
Published Oct 15, 2014
Tracked Since Feb 18, 2026