MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple memory corruption
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Microsoft
Word, Office Compatibility Pack, Microsoft Word Viewer, SharePoint
Server, or Microsoft Office Web Apps that is affected by one or more
unspecified memory corruption vulnerabilities. By tricking a user into
opening a specially crafted file, it may be possible for a remote
attacker to take complete control of the system or execute arbitrary
code.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms14-017

Solution :

Microsoft has released a set of patches for Office 2003, 2007, 2010,
2013, Office Compatibility Pack, Microsoft Word Viewer, SharePoint
Server, and Office Web Apps.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 73413 ()

Bugtraq ID: 66385
66614
66629

CVE ID: CVE-2014-1757
CVE-2014-1758
CVE-2014-1761