CVE-2014-2730

Name of the Vulnerable Software and Affected Versions Microsoft Office 2007 SP3 Microsoft Office 2010 SP1 Microsoft Office 2010 SP2 Microsoft Office 2013 Office for Mac 2011

Description The XML parser in Microsoft Office does not properly detect recursion during entity expansion. This allows remote attackers to cause a denial of service, resulting in memory consumption and persistent application hang, via a crafted XML document containing a large number of nested entity references.

Recommendations For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office 2013, update to a newer version to mitigate the risk. For Office for Mac 2011, update to a newer version to mitigate the risk.