← Back

CVE-2014-1761

nvd nist
Published: Mar 25, 2014Modified: Apr 21, 2026CISA KEV

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

Affected (17)

Microsoft
7 products
Office
Office Compatibility Pack
Office Web Apps
Office Web Apps Server
Sharepoint Server
Word
Word Viewer
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Office
Version 2011
Office Compatibility Pack
All versions
Microsoft
Office Web Apps
Version 2010 sp1
Office Web Apps
Version 2010 sp2
Office Web Apps Server
Version 2013
Microsoft
Sharepoint Server
Version 2010 sp1
Sharepoint Server
Version 2010 sp2
Sharepoint Server
Version 2013
Microsoft
Word
Version 2003 sp3
Word
Version 2007 sp3
Word
Version 2010 sp1
Word
Version 2010 sp2
Word
Version 2013
Word
Version 2013
Word
Version 2013 sp1
Word
Version 2013 sp1
Word Viewer
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.