CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-1761

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score44.3950%
EPSS Percentile87.34th
Published2014年3月25日
Last Modified2026年4月21日

Vulnerability Description

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

Affected Platforms (CPE)

📦
Microsoft

Office

= 2011
📦
Microsoft

Office Compatibility Pack

All versions
📦
Microsoft

Office Web Apps

= 2010
📦
Microsoft

Office Web Apps

= 2010
📦
Microsoft

Office Web Apps Server

= 2013
📦
Microsoft

Sharepoint Server

= 2010
📦
Microsoft

Sharepoint Server

= 2010
📦
Microsoft

Sharepoint Server

= 2013
📦
Microsoft

Word

= 2003
📦
Microsoft

Word

= 2007
📦
Microsoft

Word

= 2010
📦
Microsoft

Word

= 2010
📦
Microsoft

Word

= 2013
📦
Microsoft

Word

= 2013
📦
Microsoft

Word

= 2013
📦
Microsoft

Word

= 2013
📦
Microsoft

Word Viewer

All versions

References & Advisories

🔗 http://technet.microsoft.com/security/advisory/2953095
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017
🔗 http://technet.microsoft.com/security/advisory/2953095
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-1761

相關漏洞威脅

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2000-085410.0

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.d...

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...