Oval Definition:	oval:org.mitre.oval:def:24318
Revision Date: 2014-06-30 Version: 17 Title: Microsoft Office file format converter vulnerability (CVE-2014-1757) - MS14-017 Description: Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2014-1757 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP Product(s): Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Definition Synopsis word 2007/version Microsoft Word 2007 SP3 is installed AND Check if the version of winword.exe is less than 12.0.6695.5000 OR compatibility pack/version Microsoft Office Compatibility Pack SP3 is installed AND Check if the version of wordcnv.dll is less than 12.0.6695.5000 OR word 2010 sp1/sp2/version word 2010 sp1/sp2 Microsoft Word 2010 SP1 is installed OR Microsoft Word 2010 SP2 is installed AND Check if the version of winword.exe is less than 14.0.7121.5004
BACK