Lucene search

[email protected]CVE-2014-1756

HistoryMay 14, 2014 - 11:13 a.m.

CVE-2014-1756

2014-05-1411:13:06

[email protected]

web.nvd.nist.gov

microsoft

office

vulnerability

cve-2014-1756

security

untrusted search path

chinese

grammar

checking

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka “Microsoft Office Chinese Grammar Checking Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2007sp3

microsoftofficeMatch2010sp1x64

microsoftofficeMatch2010sp1x86

microsoftofficeMatch2010sp2x64

microsoftofficeMatch2010sp2x86

microsoftofficeMatch2013

microsoftofficeMatch2013sp1

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2010
microsoft:officemicrosoft officeeq2013

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2010
microsoft:office	microsoft office	eq	2013

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-023

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for CVE-2014-1756

nvd1 checkpoint_advisories1 symantec1 prion1 cvelist1 nessus1 openvas2 mskb1 securityvulns1 kaspersky1