Design/Logic Flaw

2015-04-1420:59:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

JSON

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Component Use After Free Vulnerability.”

CPENameOperatorVersion
officeeq2010 sp2-x64
officeeq2010 sp2-x86
office_web_appseq2013 sp1
office_web_appseq2010 sp2
sharepoint_servereq2010 sp2
sharepoint_servereq2013 sp1
wordeq2013 sp1
wordeq2010 sp2
wordeq2007 sp3

Name	Operator	Version
office	eq	2010 sp2-x64
office	eq	2010 sp2-x86
office_web_apps	eq	2013 sp1
office_web_apps	eq	2010 sp2
sharepoint_server	eq	2010 sp2
sharepoint_server	eq	2013 sp1
word	eq	2013 sp1
word	eq	2010 sp2
word	eq	2007 sp3