ID CVE-2014-1756
Summary Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Microsoft Office Chinese Grammar Checking Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2013:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS14-023
bulletin_url
date 2014-05-13T00:00:00
impact Remote Code Execution
knowledgebase_id 2961037
knowledgebase_url
severity Important
title Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
refmap via4
Last major update 30-10-2018 - 16:27
Published 14-05-2014 - 11:13
Last modified 30-10-2018 - 16:27