CVE-2014-9274 (arbitrary code execution)
A flaw allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code as demonstrated by a file containing the
string "{\cb-999999999".
CVE-2014-9275 (arbitrary code execution)
A flaw allows remote attackers to cause a denial of service
(out-of-bounds memory access and crash) and possibly execute arbitrary
code via a crafted RTF file.