9.3

CVE-2014-6357

Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Use After Free Word Remote Code Execution Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2010 Updatesp2 HwPlatformx64
MicrosoftOffice Version2010 Updatesp2 HwPlatformx86
MicrosoftOffice Version2011 SwPlatformmac
MicrosoftOffice Version2013 SwEditiongold
MicrosoftOffice Version2013 SwEditionrt
MicrosoftOffice Version2013 SwEditionrt_gold
MicrosoftOffice Version2013 Updatesp1
MicrosoftSharepoint Server Version2010 Updatesp2
MicrosoftSharepoint Server Version2013 Update- Edition- SwEditiongold
MicrosoftSharepoint Server Version2013 Updatesp1
MicrosoftWeb Applications Version2010 Updatesp2
MicrosoftWeb Applications Version2013 SwEditiongold
MicrosoftWeb Applications Version2013 Updatesp1
MicrosoftWord Viewer Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 55.66% 0.978
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C