Description

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

Remediation

References

CVE-2014-1761

Related Vulnerabilities

SharePoint CVE-2020-1218 Vulnerability (CVE-2020-1218)

WordPress Plugin IGIT Posts Slider Widget 'src' Parameter Cross-Site Scripting (1.0)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4166)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-45135)

WordPress Plugin One User Avatar-User Profile Picture Multiple Vulnerabilities (2.3.6)

Severity

High

Classification

CVE-2014-1761 CWE-787 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities