PT-2014-1203 · Microsoft · Office

Published 2014-05-14 · Updated 2018-10-30 · CVE-2014-1756

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1

Description

The issue is related to errors in checking the path of loaded dynamic libraries in Microsoft Office. This allows a remote attacker to execute arbitrary code contained in a dynamic library located in the directory of the opened document. The vulnerability can be exploited when the Simplified Chinese Proofing Tool is enabled, allowing local users to gain privileges via a Trojan horse DLL in the current working directory.

Recommendations

For Microsoft Office 2007 SP3, consider disabling the Simplified Chinese Proofing Tool until a patch is available. For Microsoft Office 2010 SP1 and SP2, restrict access to the current working directory to minimize the risk of exploitation. For Microsoft Office 2013 Gold, SP1, RT, and RT SP1, avoid using the affected feature when the Simplified Chinese Proofing Tool is enabled until the issue is resolved.
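
The condition in the description, a dynamic library sitting in the same directory as the document being opened, can be audited on file shares and download folders. The script below is an added example, not part of the original advisory; the extension lists, the sample file names and the function names are assumptions made for the illustration.

```python
import os
import tempfile

# Assumed extension lists for this example; the advisory names no specific files.
OFFICE_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf"}
LIBRARY_EXTS = {".dll"}


def find_colocated_libraries(root):
    """Map each directory under root that holds both Office documents and DLLs
    to the files involved. Extension matching is case-insensitive."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        docs, libs = [], []
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext in OFFICE_EXTS:
                docs.append(name)
            elif ext in LIBRARY_EXTS:
                libs.append(name)
        if docs and libs:  # a library next to a document is worth reviewing
            findings[dirpath] = {"documents": sorted(docs), "libraries": sorted(libs)}
    return findings


def build_sample_tree(root):
    """Create a constructed sample layout (all names invented for the demo)."""
    layout = {
        "share/reports": ["q1.docx", "helper.DLL"],    # document + library
        "share/clean": ["notes.docx", "budget.xlsx"],  # documents only
        "share/tools": ["plugin.dll"],                 # library only
    }
    for rel, names in layout.items():
        directory = os.path.join(root, *rel.split("/"))
        os.makedirs(directory)
        for name in names:
            open(os.path.join(directory, name), "wb").close()


def demo():
    """Run the audit over the constructed tree and return root-relative results."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = find_colocated_libraries(root)
        return {os.path.relpath(p, root).replace(os.sep, "/"): v for p, v in found.items()}


if __name__ == "__main__":
    for directory, hit in demo().items():
        print(directory, hit["documents"], hit["libraries"])
```

A hit is only a lead for review: legitimate installers and add-ins also ship DLLs, so check the signer and origin of each flagged library before acting on it.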

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

BDU:2014-00362
CVE-2014-1756

Affected Products

Office