CVE-2014-6334

2014-11-1122:55:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2014-6334

microsoft word

word viewer

office compatibility pack

remote code execution

memory corruption

nvd

8.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.9%

JSON

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Bad Index Remote Code Execution Vulnerability.”

CPENameOperatorVersion
microsoft:office_word_viewermicrosoft office word viewereq*
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:wordmicrosoft wordeq2007

CPE	Name	Operator	Version
microsoft:office_word_viewer	microsoft office word viewer	eq	*
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:word	microsoft word	eq	2007