CVE-2014-6356

Microsoft Office Compatibility Pack - Remote Code Execution via Crafted Office Document

Title source: llm
STIX 2.1

Description

Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."

References (1)

Core 1
Core References

Scores

EPSS 0.1187
EPSS Percentile 95.6%

Details

CWE
CWE-94
Status published
Products (3)
microsoft/office_compatibility_pack
microsoft/word 2007 sp3
microsoft/word 2010 sp2
Published Dec 11, 2014
Tracked Since Feb 18, 2026