MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple remote code execution
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft Office, Microsoft
Word, Office Compatibility Pack, Microsoft Word Viewer, SharePoint
Server, or Microsoft Office Web Apps that is affected by one or more
remote code execution vulnerabilities due to Microsoft Word improperly
handling objects in memory. A remote attacker can exploit this
vulnerability by convincing a user to open a specially crafted Office
file, resulting in execution of arbitrary code in the context of the
current user.

See also :

https://technet.microsoft.com/library/security/ms14-081

Solution :

Microsoft has released a set of patches for Office 2007, 2010, 2013,
Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server,
and Office Web Apps.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 79830 ()

Bugtraq ID: 71469
71470

CVE ID: CVE-2014-6356
CVE-2014-6357

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now