PT-2014-7185 · Microsoft · Office Compatibility Pack+10

Published: 2014-12-09 · Updated: 2018-10-12 · CVE-2014-6357

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office 2010 SP2
Microsoft Office 2013 Gold and SP1
Microsoft Office 2013 RT Gold and SP1
Microsoft Office for Mac 2011
Microsoft Word Viewer
Microsoft Office Compatibility Pack SP3
Microsoft Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1
Microsoft Office Web Apps 2010 SP2 and 2013 Gold and SP1

Description

A use-after-free issue in Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. The vulnerability occurs due to improper handling of objects in memory while parsing specially crafted Office files, potentially corrupting system memory and enabling an attacker to execute arbitrary code in the context of the current user. If the current user has administrative user rights, an attacker could take complete control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft Office 2013 Gold and SP1, update to a newer version to mitigate the risk.
For Microsoft Office 2013 RT Gold and SP1, update to a newer version to mitigate the risk.
For Microsoft Office for Mac 2011, update to a newer version to mitigate the risk.
For Microsoft Word Viewer, update to a newer version to mitigate the risk.
For Microsoft Office Compatibility Pack SP3, update to a newer version to mitigate the risk.
For Microsoft Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, update to a newer version to mitigate the risk.
For Microsoft Office Web Apps 2010 SP2 and 2013 Gold and SP1, update to a newer version to mitigate the risk.

Fix

Related Identifiers

CVE-2014-6357

Affected Products

Office 2010
Office 2013
Office Compatibility Pack
Office Web Apps 2010
Office Web Apps 2013
Office For Mac 2011
Word Automation Services
Word Viewer
Office Word
SharePoint Server 2010
SharePoint Server 2013