MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple memory corruption
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Microsoft
Word, Office Compatibility Pack, Microsoft Word Viewer, SharePoint
Server, or Microsoft Office Web Apps that is affected by one or more
unspecified memory corruption vulnerabilities. By tricking a user into
opening a specially crafted file, it may be possible for a remote
attacker to take complete control of the system or execute arbitrary
code.

See also :

https://technet.microsoft.com/library/security/ms14-017
http://securitytracker.com/id?1029948

Solution :

Microsoft has released a set of patches for Office 2003, 2007, 2010,
2013, Office Compatibility Pack, Microsoft Word Viewer, SharePoint
Server, and Office Web Apps.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 73413 ()

Bugtraq ID: 66385
66614
66629

CVE ID: CVE-2014-1757
CVE-2014-1758
CVE-2014-1761

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial