MS KB2953095: Vulnerability in Microsoft Word Could Allow Remote Code Execution
high Nessus Plugin ID 73161
Language:
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.Description
The remote host is missing one of the workarounds referenced in KB 2953095.The remote host has a version of Microsoft Word installed that is potentially affected by a code execution vulnerability due to the way the application handles specially crafted RTF files.
Solution
Microsoft has provided a workaround for Microsoft Word 2003, 2007, 2010, 2013, Word Viewer and Office Compatibility Pack.See Also
http://technet.microsoft.com/en-us/security/advisory/2953095
Plugin Details
Severity: High
ID: 73161
File Name: smb_kb2953095.nasl
Version: Revision: 1.6
Type: local
Agent: windows
Family: Windows
Published: 3/24/2014
Updated: 8/30/2017
Supported Sensors: Nessus Agent
Risk Information
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:ND/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:office_compatibility_pack
Required KB Items: SMB/Registry/Enumerated
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 3/24/2014
Reference Information
CVE: CVE-2014-1761
BID: 66385
OSVDB: 104895
MSKB: 2953095