CVE-2014-6335
https://notcve.org/view.php?id=CVE-2014-6335
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability." Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de puntero inválido de Microsoft Office.' • http://secunia.com/advisories/59867 http://www.securityfocus.com/bid/70963 http://www.securitytracker.com/id/1031189 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-6334
https://notcve.org/view.php?id=CVE-2014-6334
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability." Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de indice malo de Microsoft Office.' • http://secunia.com/advisories/59867 http://www.securityfocus.com/bid/70962 http://www.securitytracker.com/id/1031189 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-4117 – Microsoft Word Style Tag Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4117
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability." Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 y SP2, Word 2010 SP1 y SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 y SP2, y Word Web Apps 2010 Gold, SP1, y SP2 permiten a atacantes remotos ejecutar código arbitrario a través de propiedades manipuladas en un documento Word document, también conocido como 'vulnerabilidad del formato de ficheros Microsoft Word.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of style tags. By nesting a specific style tag within another, an attacker is able to cause a pointer to be used after the underlying object has been freed. • http://secunia.com/advisories/60973 http://www.securityfocus.com/bid/70360 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061 • CWE-20: Improper Input Validation •
CVE-2014-2778
https://notcve.org/view.php?id=CVE-2014-2778
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability." Microsoft Word 2007 SP3 y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una fuente embebida manipulada en un documento (1) .doc o (2) .docx, también conocido como 'Vulnerabilidad de Fuente Embebida.' • http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx http://secunia.com/advisories/58551 http://www.securityfocus.com/bid/67896 http://www.securitytracker.com/id/1030383 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-034 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-1757
https://notcve.org/view.php?id=CVE-2014-1757
Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability." Microsoft Word 2007 SP3 y 2010 SP1 y SP2, y Office Compatibility Pack SP3, asigna memoria incorrectamente para conversiones de archivo de un formato binario (también conocido como .doc) a un formato más nuevo, lo que permite a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, también conocido como "Vulnerabilidad de Convertidor de Formato de Archivos de Microsoft Office." • http://www.kb.cert.org/vuls/id/882841 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •