PT-2014-4887 · Microsoft · Office 2007+3
Published
2014-04-05
·
Updated
2018-10-09
·
CVE-2014-2730
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Microsoft Office 2007 SP3
Microsoft Office 2010 SP1
Microsoft Office 2010 SP2
Microsoft Office 2013
Office for Mac 2011
Description
The XML parser in Microsoft Office does not properly detect recursion during entity expansion. This allows remote attackers to cause a denial of service, resulting in memory consumption and persistent application hang, via a crafted XML document containing a large number of nested entity references.
Recommendations
For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk.
For Microsoft Office 2010 SP1, update to a newer version to mitigate the risk.
For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft Office 2013, update to a newer version to mitigate the risk.
For Office for Mac 2011, update to a newer version to mitigate the risk.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Office 2007
Office 2010
Office 2013
Office For Mac 2011