PT-2014-1207 · Microsoft · Office Web Apps Server +5

Ben Hawkes +2 · Published 2014-01-14 · Updated 2018-10-30 · CVE-2014-0260

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Word versions 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT
Office Compatibility Pack version SP3
Word Viewer (affected versions not specified)
SharePoint Server versions 2010 SP1 and SP2 and 2013
Office Web Apps versions 2010 SP1 and SP2
Office Web Apps Server version 2013

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Office document. It is due to errors that occur when specially crafted files are processed. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs; view, change, or delete data; or create new accounts with full user rights.

Recommendations

For Microsoft Word versions 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, update to a version that is not affected by this issue.
For Office Compatibility Pack version SP3, update to a version that is not affected by this issue.
For Word Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SharePoint Server versions 2010 SP1 and SP2 and 2013, update to a version that is not affected by this issue.
For Office Web Apps versions 2010 SP1 and SP2, update to a version that is not affected by this issue.
For Office Web Apps Server version 2013, update to a version that is not affected by this issue.

RCE

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2014-00371
BDU:2014-00372
BDU:2014-00373
BDU:2014-00374
BDU:2014-00375
CVE-2014-0260

Affected Products

Office Word
Office Compatibility Pack
Office Web Apps
Office Web Apps Server
SharePoint Server
Word Viewer