CVE-2014-4117 - OpenCVE

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Office Office Compatibility Pack Sharepoint Server Word Word Web Apps

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2007:sp3::::::
	cpe:2.3:a:microsoft:office:2010:sp1::::::
	cpe:2.3:a:microsoft:office:2010:sp2::::::
	cpe:2.3:a:microsoft:office:2011::mac:::::
	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
	cpe:2.3:a:microsoft:word:2010:sp1::::::
	cpe:2.3:a:microsoft:word:2010:sp2::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:gold::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:sp1::::::
	cpe:2.3:a:microsoft:word_web_apps:2010:sp2::::::

No data.

References

Link	Providers
http://secunia.com/advisories/60973
http://www.securityfocus.com/bid/70360
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2014-10-15T10:00:00

Updated: 2024-08-06T11:04:28.492Z

Reserved: 2014-06-12T00:00:00

Link: CVE-2014-4117

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-10-15T10:55:07.897

Modified: 2018-10-12T22:07:18.973

Link: CVE-2014-4117

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "70360", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70360"}, {"name": "MS14-061", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"}, {"name": "60973", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60973"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2014-4117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "70360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70360"}, {"name": "MS14-061", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"}, {"name": "60973", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60973"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:04:28.492Z"}, "title": "CVE Program Container", "references": [{"name": "70360", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70360"}, {"name": "MS14-061", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"}, {"name": "60973", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60973"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2014-4117", "datePublished": "2014-10-15T10:00:00", "dateReserved": "2014-06-12T00:00:00", "dateUpdated": "2024-08-06T11:04:28.492Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", "matchCriteriaId": "9932C177-FCBB-4AD1-A42A-1FAB28F392F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", "matchCriteriaId": "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", "matchCriteriaId": "D2A0758C-6499-407F-823A-6F28BE56805E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "24EEDAD9-9656-4B21-82E4-D60B83777492", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:gold:*:*:*:*:*:*", "matchCriteriaId": "72BE5568-5864-4E8A-B7DE-E011157DE2BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:sp1:*:*:*:*:*:*", "matchCriteriaId": "5BB1096A-8523-4DD8-BCF2-745D7130F95C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word_web_apps:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D7388C5-E104-436A-8772-57BEB82856DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka \"Microsoft Word File Format Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 y SP2, Word 2010 SP1 y SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 y SP2, y Word Web Apps 2010 Gold, SP1, y SP2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de propiedades manipuladas en un documento Word document, tambi\u00e9n conocido como 'vulnerabilidad del formato de ficheros Microsoft Word.'"}], "id": "CVE-2014-4117", "lastModified": "2018-10-12T22:07:18.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-10-15T10:55:07.897", "references": [{"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/60973"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/70360"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-061"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}