9.3
CVE-2014-4117
- EPSS 35.71%
- Published 15.10.2014 10:55:07
- Last modified 12.04.2025 10:46:40
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Office Compatibility Pack Updatesp3
Microsoft ≫ Sharepoint Server Version2010 Updatesp1
Microsoft ≫ Sharepoint Server Version2010 Updatesp2
Microsoft ≫ Word Web Apps Version2010 Updategold
Microsoft ≫ Word Web Apps Version2010 Updatesp1
Microsoft ≫ Word Web Apps Version2010 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 35.71% | 0.967 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.