CVE-2014-1761 - OpenCVE

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Word Office Compatibility Pack Word Viewer Office Web Apps Office Web Apps Server Office Sharepoint Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2011::mac:::::
	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
	cpe:2.3:a:microsoft:office_web_apps:2010:sp1::::::
	cpe:2.3:a:microsoft:office_web_apps:2010:sp2::::::
	cpe:2.3:a:microsoft:office_web_apps_server:2013:::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
	cpe:2.3:a:microsoft:sharepoint_server:2013:::::::*
	cpe:2.3:a:microsoft:word:2003:sp3::::::
	cpe:2.3:a:microsoft:word:2007:sp3::::::
	cpe:2.3:a:microsoft:word:2010:sp1:::::x64:*
	cpe:2.3:a:microsoft:word:2010:sp1::::x86::*
	cpe:2.3:a:microsoft:word:2010:sp2:::::x64:*
	cpe:2.3:a:microsoft:word:2013:::::::*
	cpe:2.3:a:microsoft:word:2013::::rt:::
	cpe:2.3:a:microsoft:word_viewer::::::::

References

Link	Resource
http://technet.microsoft.com/security/advisory/2953095	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2014-03-24T19:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2014-01-29T00:00:00

Link: CVE-2014-1761

JSON object: View

NVD Information

Status : Modified

Published: 2014-03-25T13:24:01.067

Modified: 2018-10-30T16:27:52.390

Link: CVE-2014-1761

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS14-017", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://technet.microsoft.com/security/advisory/2953095"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2014-1761", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS14-017", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"}, {"name": "http://technet.microsoft.com/security/advisory/2953095", "refsource": "CONFIRM", "url": "http://technet.microsoft.com/security/advisory/2953095"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2014-1761", "datePublished": "2014-03-24T19:00:00", "dateReserved": "2014-01-29T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2022-08-15", "cisaExploitAdd": "2022-02-15", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Word Memory Corruption Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", "matchCriteriaId": "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*", "matchCriteriaId": "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", "matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", "matchCriteriaId": "993E5C5C-4C78-4CDA-BF67-5A35814EF621", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*", "matchCriteriaId": "E03BB51F-14CE-4FFC-ADCD-15B5B694563B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:x86:*:*", "matchCriteriaId": "C3ADF60E-8802-4738-A6A6-BF2790225BB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:x64:*", "matchCriteriaId": "00A48B3D-7639-4F74-83CB-79D951458C0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:*:*:*:*", "matchCriteriaId": "EC8E95D3-C62D-41D2-8B3A-032FEA6B8B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2013:*:*:*:rt:*:*:*", "matchCriteriaId": "3C81544A-00F9-4B20-B679-CFE60D5B23CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014."}, {"lang": "es", "value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office para Mac 2011; Word Automation Services en SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2 y Office Web Apps Server 2013 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de datos RTF manipulados, tal y como fue explotado en marzo 2014."}], "id": "CVE-2014-1761", "lastModified": "2018-10-30T16:27:52.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-25T13:24:01.067", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://technet.microsoft.com/security/advisory/2953095"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}