CVSS: 9.3EPSS: 30%CPEs: 8EXPL: 0CVE-2014-6364
https://notcve.org/view.php?id=CVE-2014-6364
Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, y SP2; y 2013 RT Gold y SP1 permite a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocido como 'Vulnerabilidad de uso después de liberación de Microsoft Office Component'. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-082 •
CVSS: 9.3EPSS: 86%CPEs: 3EXPL: 0CVE-2014-6333
https://notcve.org/view.php?id=CVE-2014-6333
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability." Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocido como 'vulnerabilidad de ejecución de código remoto de eliminación doble de Microsoft Office.' • http://secunia.com/advisories/59867 http://www.securityfocus.com/bid/70961 http://www.securitytracker.com/id/1031189 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 3EXPL: 0CVE-2014-6335
https://notcve.org/view.php?id=CVE-2014-6335
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability." Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de puntero inválido de Microsoft Office.' • http://secunia.com/advisories/59867 http://www.securityfocus.com/bid/70963 http://www.securitytracker.com/id/1031189 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 3EXPL: 0CVE-2014-6334
https://notcve.org/view.php?id=CVE-2014-6334
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability." Microsoft Word 2007 SP3, Word Viewer, y Office Compatibility Pack SP3 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de indice malo de Microsoft Office.' • http://secunia.com/advisories/59867 http://www.securityfocus.com/bid/70962 http://www.securitytracker.com/id/1031189 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 91%CPEs: 12EXPL: 0CVE-2014-4117 – Microsoft Word Style Tag Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4117
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability." Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 y SP2, Word 2010 SP1 y SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 y SP2, y Word Web Apps 2010 Gold, SP1, y SP2 permiten a atacantes remotos ejecutar código arbitrario a través de propiedades manipuladas en un documento Word document, también conocido como 'vulnerabilidad del formato de ficheros Microsoft Word.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of style tags. By nesting a specific style tag within another, an attacker is able to cause a pointer to be used after the underlying object has been freed. • http://secunia.com/advisories/60973 http://www.securityfocus.com/bid/70360 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061 • CWE-20: Improper Input Validation •