CVE-2014-6357

2014-12-1100:59:10

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.083

Percentile

94.5%

JSON

Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Use After Free Word Remote Code Execution Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2010sp2x64

microsoftofficeMatch2010sp2x86

microsoftofficeMatch2011mac

microsoftofficeMatch2013gold

microsoftofficeMatch2013rt

microsoftofficeMatch2013rt_gold

microsoftofficeMatch2013sp1

microsoftoffice_compatibility_packsp3

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013--gold

microsoftsharepoint_serverMatch2013sp1

microsoftweb_applicationsMatch2010sp2

microsoftweb_applicationsMatch2013gold

microsoftweb_applicationsMatch2013sp1

microsoftword_viewerMatch-

VendorProductVersionCPE
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
microsoftoffice2011cpe:2.3:a:microsoft:office:2011:*:*:*:*:mac:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:gold:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:rt:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:rt_gold:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
microsoftoffice_compatibility_pack*cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
microsoftsharepoint_server2010cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
microsoftsharepoint_server2013cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:::::x64:*
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2:::::x86:*
microsoft	office	2011	cpe:2.3:a:microsoft:office:2011:::::mac::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013::::gold:::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013::::rt:::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013::::rt_gold:::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013:sp1::::::
microsoft	office_compatibility_pack	*	cpe:2.3:a:microsoft:office_compatibility_pack::sp3::::::*
microsoft	sharepoint_server	2010	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
microsoft	sharepoint_server	2013	cpe:2.3:a:microsoft:sharepoint_server:2013:-:-::gold:::