9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.523 Medium
EPSS
Percentile
97.5%
06/10/2014
Critical
An unspecified vulnerability was found in the Word 2007 and Office Compatibility Pack. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited from the network at point related to an unknown application via a specially designed embedded font.
Word 2007 Service Pack 3, Office Compatibility Pack Service Pack 3.
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
ACE
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
CVE-2014-27789.3Critical
support.microsoft.com/kb/2880513
support.microsoft.com/kb/2880515
support.microsoft.com/kb/2969261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2778
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-2778
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms14-034.aspx
threats.kaspersky.com/en/product/Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats/
threats.kaspersky.com/en/product/Microsoft-Word/