Vulnerability Description
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2007 |
| Microsoft | Office Compatibility Pack | All versions |
| Microsoft | Sharepoint Server | 2010 |
| Microsoft | Word | 2010 |
| Microsoft | Word Web Apps | 2010 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/60973
- http://www.securityfocus.com/bid/70360
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-06
- http://secunia.com/advisories/60973
- http://www.securityfocus.com/bid/70360
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-06
FAQ
What is CVE-2014-4117?
CVE-2014-4117 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and...
How severe is CVE-2014-4117?
CVE-2014-4117 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4117?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office Compatibility Pack, Microsoft Sharepoint Server, Microsoft Word, Microsoft Word Web Apps.