CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/60973
http://www.securityfocus.com/bid/70360
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2007:sp3::::::
	cpe:2.3:a:microsoft:office:2010:sp1::::::
	cpe:2.3:a:microsoft:office:2010:sp2::::::
	cpe:2.3:a:microsoft:office:2011::mac:::::
	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
	cpe:2.3:a:microsoft:word:2010:sp1::::::
	cpe:2.3:a:microsoft:word:2010:sp2::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:gold::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:sp1::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:sp2::::::

History

No history.

Information

Published : 2014-10-15 10:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-4117

Mitre link : CVE-2014-4117

CVE.ORG link : CVE-2014-4117

JSON object : View

Products Affected

microsoft

office_compatibility_pack
office
word_web_apps
word
sharepoint_server

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-4117", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-10-15T10:55:07.897", "references": [{"url": "http://secunia.com/advisories/60973", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/70360", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 y SP2, Word 2010 SP1 y SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 y SP2, y Word Web Apps 2010 Gold, SP1, y SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de propiedades manipuladas en un documento Word document, tambi\u00e9n conocido como 'vulnerabilidad del formato de ficheros Microsoft Word.'"}], "lastModified": "2018-10-12T22:07:18.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9932C177-FCBB-4AD1-A42A-1FAB28F392F3"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638"}, {"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B"}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73"}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E"}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492"}, {"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:gold:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72BE5568-5864-4E8A-B7DE-E011157DE2BA"}, {"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BB1096A-8523-4DD8-BCF2-745D7130F95C"}, {"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D7388C5-E104-436A-8772-57BEB82856DE"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}