CVE-2014-1761
CVE-2014-1761
In short
Microsoft Word and related Office applications fail to properly validate RTF (Rich Text Format) files, allowing attackers to send malicious documents that crash the program or execute unauthorized code when opened.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in RTF parsing across multiple Office products enables remote code execution or denial of service through specially crafted RTF files; no authentication required—only user interaction to open the document is needed.
Summary generated and translated by AI from the official description.
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/32793unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →