Description
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
Remediation
References
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10968)
Kong Server Incorrect Authorization Vulnerability (CVE-2021-27306)
WordPress Plugin WP Super Cache Cross-Site Scripting (1.4)
WordPress 2.6.3 Cross-Site Scripting Vulnerability (0.6.2 - 2.6.3)
OpenSSL Missing Encryption of Sensitive Data Vulnerability (CVE-2019-1563)