CVE-2014-1757

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 SP3 through 2010 SP2 Office Compatibility Pack version SP3

Description The issue arises from incorrect memory allocation during file conversions from a binary format to a newer format, allowing remote attackers to execute arbitrary code via a crafted document. A remote code execution issue exists in the way that affected Microsoft Office software converts specially crafted files, potentially enabling an attacker to run arbitrary code as the current user. If the current user has administrative rights, an attacker could gain complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Word 2007 SP3, update to a version that fixes the memory allocation issue for file conversions. For Microsoft Word 2010 SP1 and SP2, apply the necessary patch to resolve the remote code execution vulnerability. For Office Compatibility Pack SP3, update the compatibility pack to a version that correctly handles file format conversions.