Microsoft Office Web Apps Multiple Vulnerabilities (2952166) Network Vulnerability

Summary

This host is missing an critical security update according to Microsoft Bulletin MS14-022.

Impact

Successful exploitation will allow remote attackers to execute the arbitrary code and compromise a vulnerable system. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms14-022

Insight

Flaws is due to multiple unspecified components when handling page content.

Affected

Microsoft Web Applications 2010 Service Pack 2 and prior, Microsoft Web Applications 2013 Service Pack 1 and prior.

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/57834
http://www.osvdb.com/106893
https://technet.microsoft.com/library/security/ms14-022

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0251, CVE-2014-1754, CVE-2014-1813
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DirectShow Remote Code Execution Vulnerability (2845187)
Cumulative Security Update for Internet Explorer (931768)
Cumulative Security Update for Internet Explorer (958215)
Cumulative Security Update for Internet Explorer (928090)
Buffer Overrun in the ListBox and in the ComboBox (824141)

Take action and discover your vulnerabilities