Kaspersky LabKLA10012KLA10012 Vulnerability in Microsoft Word 2007 & Office Compatibility Pack
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.523 Medium
EPSS
Percentile
97.5%
Detect date:
06/10/2014
Severity:
Critical
Description:
An unspecified vulnerability was found in the Word 2007 and Office Compatibility Pack. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited from the network at point related to an unknown application via a specially designed embedded font.
Affected products:
Word 2007 Service Pack 3, Office Compatibility Pack Service Pack 3.
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
Impacts:
ACE
Related products:
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
CVE-IDS:
CVE-2014-27789.3Critical
Microsoft official advisories:
KB list:
References
support.microsoft.com/kb/2880513
support.microsoft.com/kb/2880515
support.microsoft.com/kb/2969261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2778
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-2778
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms14-034.aspx
threats.kaspersky.com/en/product/Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats/
threats.kaspersky.com/en/product/Microsoft-Word/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.523 Medium
EPSS
Percentile
97.5%