CVE-2014-4117
Microsoft Office/Word 2007/2010, Office for Mac 2011, SharePoint Server 2010 - RCE via Crafted Word Document
Title source: llmDescription
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70360
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60973
Scores
EPSS
0.1746
EPSS Percentile
96.8%
Details
CWE
CWE-20
Status
published
Products (7)
microsoft/office
2007 sp3
microsoft/office
2010 sp1 (2 CPE variants)
microsoft/office
2011
microsoft/office_compatibility_pack
microsoft/sharepoint_server
2010 sp1 (2 CPE variants)
microsoft/word
2010 sp1 (2 CPE variants)
microsoft/word_web_apps
2010 gold (3 CPE variants)
Published
Oct 15, 2014
Tracked Since
Feb 18, 2026