CVE-2014-4117 – Microsoft Word Style Tag Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4117
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability." Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 y SP2, Word 2010 SP1 y SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 y SP2, y Word Web Apps 2010 Gold, SP1, y SP2 permiten a atacantes remotos ejecutar código arbitrario a través de propiedades manipuladas en un documento Word document, también conocido como 'vulnerabilidad del formato de ficheros Microsoft Word.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of style tags. By nesting a specific style tag within another, an attacker is able to cause a pointer to be used after the underlying object has been freed. • http://secunia.com/advisories/60973 http://www.securityfocus.com/bid/70360 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061 • CWE-20: Improper Input Validation •
CVE-2014-1761 – Microsoft Word Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1761
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office para Mac 2011; Word Automation Services en SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2 y Office Web Apps Server 2013 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de datos RTF manipulados, tal y como fue explotado en marzo 2014. Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. • https://www.exploit-db.com/exploits/32793 http://technet.microsoft.com/security/advisory/2953095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers https://www.virustotal.com/en/file/e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a/analysis • CWE-787: Out-of-bounds Write •
CVE-2014-0260
https://notcve.org/view.php?id=CVE-2014-0260
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 Service Pack 3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; cOffice Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2, y Office Web Apps Server 2013 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado, también conocido como "Vulnerabilidad de corrupcion de memoria Word" • http://www.securitytracker.com/id/1029598 http://www.securitytracker.com/id/1029599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3847
https://notcve.org/view.php?id=CVE-2013-3847
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado. Aka "Word Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2013-3848, CVE-2013-3849, y CVE-2013-3858. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3849
https://notcve.org/view.php?id=CVE-2013-3849
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupcion de memoria) a través de un documento de Office manipulado . Conocido también como "Vulnerabilidad de Corrupción de Memoria en Word". Vulnerabilidad diferente a CVE-2013-3847, CVE-2013-3848, y CVE-2013-3858. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •