PT-2014-1678 · Microsoft · Office For Mac 2011+10

Published 2014-10-14 · Updated 2018-10-12 · CVE-2014-4117

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office 2007 SP3
Microsoft Word 2007 SP3
Microsoft Office 2010 SP1 and SP2
Microsoft Word 2010 SP1 and SP2
Microsoft Office for Mac 2011
Microsoft Office Compatibility Pack SP3
Microsoft Word Automation Services on SharePoint Server 2010 SP1 and SP2
Microsoft Word Web Apps 2010 Gold, SP1, and SP2

Description

A remote code execution issue exists in the way Microsoft Office software parses certain properties of Microsoft Word files. If an attacker successfully exploits this issue and the current user is logged on with administrative user rights, the attacker could take complete control of the affected system. This could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with limited account privileges on the system are less impacted than those operating with administrative user rights.

Recommendations

For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk.
For Microsoft Word 2007 SP3, update to a newer version to mitigate the risk.
For Microsoft Office 2010 SP1 and SP2, update to a newer version to mitigate the risk.
For Microsoft Word 2010 SP1 and SP2, update to a newer version to mitigate the risk.
For Microsoft Office for Mac 2011, update to a newer version to mitigate the risk.
For Microsoft Office Compatibility Pack SP3, update to a newer version to mitigate the risk.
For Microsoft Word Automation Services on SharePoint Server 2010 SP1 and SP2, update to a newer version to mitigate the risk.
For Microsoft Word Web Apps 2010 Gold, SP1, and SP2, update to a newer version to mitigate the risk.

As a temporary workaround, consider restricting the use of Microsoft Word files from untrusted sources until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-00619
BDU:2015-00621
BDU:2015-00622
BDU:2015-00633
CVE-2014-4117
ZDI-14-350

Affected Products

Office 2007
Office 2010
Office Compatibility Pack
Office For Mac 2011
Word 2007
Word 2010
Word Automation Services
Word Web App 2010
Office
Office Word
Sharepoint Server 2010