PT-2014-7189 · Microsoft · Office

Published: 2014-12-09 · Updated: 2018-10-30 · CVE-2014-6364

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions 2007 SP3, 2010 SP2, 2013 Gold, 2013 SP1, 2013 SP2, 2013 RT Gold, and 2013 RT SP1

Description

A use-after-free issue allows remote attackers to execute arbitrary code via a crafted Office document. The vulnerability is caused by Microsoft Word not properly handling objects in memory while parsing specially crafted Office files. An attacker who successfully exploits this issue could run arbitrary code in the context of the current user. If the current user has administrative user rights, an attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Office 2007 SP3, update to a version that includes the fix for this issue. For Microsoft Office 2010 SP2, update to a version that includes the fix for this issue. For Microsoft Office 2013 Gold, SP1, and SP2, update to a version that includes the fix for this issue. For Microsoft Office 2013 RT Gold and SP1, update to a version that includes the fix for this issue.

Fix

Related Identifiers

CVE-2014-6364

Affected Products

Office