CVSS: 9.3EPSS: 90%CPEs: 4EXPL: 0CVE-2014-1757
https://notcve.org/view.php?id=CVE-2014-1757
Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability." Microsoft Word 2007 SP3 y 2010 SP1 y SP2, y Office Compatibility Pack SP3, asigna memoria incorrectamente para conversiones de archivo de un formato binario (también conocido como .doc) a un formato más nuevo, lo que permite a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, también conocido como "Vulnerabilidad de Convertidor de Formato de Archivos de Microsoft Office." • http://www.kb.cert.org/vuls/id/882841 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 9%CPEs: 8EXPL: 0CVE-2014-2730
https://notcve.org/view.php?id=CVE-2014-2730
The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564. El analizador XML en Microsoft Office 2007 SP3, 2010 SP1 y SP2 y 2013 y Office para Mac 2011, no detecta debidamente recursión durante expansión de entidad, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y cuelgue de aplicación persistente) a través de un documento XML manipulado que contiene un número grande de referencias de entidad anidadas, tal y como fue demostrado por un mensaje de email en texto plano manipulado hacia Outlook, un problema similar a CVE-2003-1564. • http://www.securityfocus.com/archive/1/531722/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 63%CPEs: 17EXPL: 1CVE-2014-1761 – Microsoft Word Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1761
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office para Mac 2011; Word Automation Services en SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2 y Office Web Apps Server 2013 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de datos RTF manipulados, tal y como fue explotado en marzo 2014. Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. • https://www.exploit-db.com/exploits/32793 http://technet.microsoft.com/security/advisory/2953095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers https://www.virustotal.com/en/file/e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a/analysis • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 44%CPEs: 13EXPL: 0CVE-2014-0260
https://notcve.org/view.php?id=CVE-2014-0260
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 Service Pack 3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; cOffice Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2, y Office Web Apps Server 2013 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado, también conocido como "Vulnerabilidad de corrupcion de memoria Word" • http://www.securitytracker.com/id/1029598 http://www.securitytracker.com/id/1029599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 44%CPEs: 4EXPL: 0CVE-2014-0258
https://notcve.org/view.php?id=CVE-2014-0258
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 SP3 y 2007 SP3, Office Compatibility Pack SP3 y Word Viewer permite a atacantes remotos ejecutar código d eforma arbitraria o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, tambien conocido como "Word Memory Corruption Vulnerability." • http://www.securitytracker.com/id/1029598 http://www.securitytracker.com/id/1029599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •