Vulnerability Name: CVE-2014-4117 (CCN-96776) Assigned: 2014-10-14 Published: 2014-10-14 Updated: 2018-10-12 Summary: Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2014-4117 Source: SECUNIA Type: UNKNOWN60973 Source: CCN Type: Microsoft Security Bulletin MS14-061Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) Source: CCN Type: Microsoft Security Bulletin MS14-069Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710) Source: CCN Type: Microsoft Security Bulletin MS14-081Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301) Source: BID Type: UNKNOWN70360 Source: CCN Type: BID-70360Microsoft Office Word File Processing CVE-2014-4117 Remote Code Execution Vulnerability Source: MS Type: UNKNOWNMS14-061 Source: XF Type: UNKNOWNms-word-cve20144117-code-exec(96776) Source: CCN Type: ZDI-14-350Microsoft Word Style Tag Use-After-Free Remote Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2011:*:mac:*:*:*:*:* OR cpe:/a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:word:2010:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:word:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:word_web_apps:2010:gold:*:*:*:*:*:* OR cpe:/a:microsoft:word_web_apps:2010:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:word_web_apps:2010:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:word_viewer:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:word_web_app:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp1:x32:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp1:x64:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:word:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:word:2010:sp1:*:*:*:*:x64:* OR cpe:/a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:x32:*:*:*:*:* OR cpe:/a:microsoft:word:2010:sp2:*:*:*:*:x32:* OR cpe:/a:microsoft:word:2010:sp2:*:*:*:*:x64:* Denotes that component is vulnerable Oval Definitions BACK
microsoft office 2007 sp3
microsoft office 2010 sp1
microsoft office 2010 sp2
microsoft office 2011
microsoft office compatibility pack * sp3
microsoft sharepoint server 2010 sp1
microsoft sharepoint server 2010 sp2
microsoft word 2010 sp1
microsoft word 2010 sp2
microsoft word web apps 2010 gold
microsoft word web apps 2010 sp1
microsoft word web apps 2010 sp2
microsoft word viewer *
microsoft word web app *
microsoft office 2010 sp1
microsoft office 2010 sp1
microsoft office 2007 sp3
microsoft sharepoint server 2010 sp1
microsoft office compatibility pack * sp3
microsoft word 2007 sp3
microsoft word 2010 sp1
microsoft sharepoint server 2010 sp2
microsoft office 2010 sp2
microsoft office 2010 sp2
microsoft word 2010 sp2
microsoft word 2010 sp2