Oval Definition:oval:org.mitre.oval:def:23983
Revision Date:2014-06-30Version:21
Title:Word RTF memory corruption vulnerability (CVE-2014-1761) - MS14-017
Description:Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-1761
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word Viewer
Definition Synopsis
  • word 2003/version
  • Microsoft Word 2003 SP3 is installed
  • AND Check if the version of winword.exe is less than 11.0.8411
  • OR word 2007/version
  • Microsoft Word 2007 SP3 is installed
  • AND Check if the version of winword.exe is less than 12.0.6695.5000
  • OR word viewer/version
  • Check if the version of wordview.exe is less than 11.0.8411
  • AND Microsoft Word Viewer 2003 SP3 is installed
  • OR compatibility pack/version
  • Microsoft Office Compatibility Pack SP3 is installed
  • AND Check if the version of wordcnv.dll is less than 12.0.6695.5000
  • OR word 2010 sp1/sp2/version
  • word 2010 sp1/sp2
  • Microsoft Word 2010 SP1 is installed
  • OR Microsoft Word 2010 SP2 is installed
  • AND Check if the version of winword.exe is less than 14.0.7121.5004
  • OR word 2013/version
  • word 2013/sp1
  • Microsoft Word 2013 SP1 is installed
  • OR Microsoft Word 2013 is installed
  • AND Check if the version of winword.exe is less than 15.0.4605.1001
  • OR sharepoint server 2010/version
  • sp1/sp2
  • Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • OR Microsoft SharePoint Server 2010 Service Pack 1 is installed
  • AND Check if the version of oartserver.dll is less than 14.0.7118.5000
  • OR web apps 2010/version
  • sp1/sp2
  • Microsoft Office Web Apps 2010 Service Pack 2 is installed
  • OR Microsoft Office Web Apps 2010 Service Pack 1 is installed
  • AND Check if the version of msoserver.dll is less than 14.0.7119.5000
  • OR web apps 2013/version
  • Microsoft Office Web Apps Server 2013 is installed
  • AND Check if the version of msoserver.dll is less than 15.0.4605.1000
  • OR sharepoint server 2013/version
  • Microsoft SharePoint Server 2013 is installed
  • AND Check if the version of SWORD.DLL is less than 15.0.4605.1001
    • BACK