Description

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

Remediation

References

CVE-2014-1761

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10968)

Kong Server Incorrect Authorization Vulnerability (CVE-2021-27306)

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4)

WordPress 2.6.3 Cross-Site Scripting Vulnerability (0.6.2 - 2.6.3)

OpenSSL Missing Encryption of Sensitive Data Vulnerability (CVE-2019-1563)

Severity

High

Classification

CVE-2014-1761 CWE-787 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities