CVE-2014-6335

2014-11-1122:55:05

CWE-94

[email protected]

web.nvd.nist.gov

cve-2014-6335

microsoft

word

2007

sp3

word viewer

office compatibility pack

remote code execution

memory corruption

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

AI Score

Confidence

High

0.904 High

EPSS

Percentile

98.8%

JSON

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.”

Affected configurations

NVD

Node

microsoftoffice_compatibility_packsp3

microsoftoffice_word_viewer

microsoftwordMatch2007sp3

CPENameOperatorVersion
microsoft:office_compatibility_packmicrosoft office compatibility packeq*
microsoft:office_word_viewermicrosoft office word viewereq*
microsoft:wordmicrosoft wordeq2007

CPE	Name	Operator	Version
microsoft:office_compatibility_pack	microsoft office compatibility pack	eq	*
microsoft:office_word_viewer	microsoft office word viewer	eq	*
microsoft:word	microsoft word	eq	2007