CVE-2014-2778

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 SP3 Office Compatibility Pack version SP3

Description The issue is related to errors that occur when processing specially crafted files, allowing a remote attacker to execute arbitrary code and gain full control over the system. This can be achieved through crafted embedded fonts in .doc or .docx documents. An attacker who successfully exploits this issue could install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Word 2007 SP3, consider applying the necessary security updates to resolve the issue. For Office Compatibility Pack SP3, apply the relevant patches to fix the vulnerability. As a temporary workaround, consider restricting the use of embedded fonts in documents until a patch is available.