Cyber Resilience

CVE-2014-1761

HighCISA KEVActive ExploitationEUVD Exploited

Published: 25 March 2014

Published
25 March 2014
Modified
21 April 2026
KEV Added
15 February 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.9334 99.8th percentile
Risk Priority 92 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2014-1761 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Word. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

Microsoft Word 2003 SP3 through 2013, Word Viewer, Office Compatibility Pack SP3, Office for Mac 2011, Word Automation Services on SharePoint Server 2010 and 2013, and Office Web Apps 2010 and 2013 are affected by an out-of-bounds write vulnerability (CWE-787) that can be triggered by specially crafted RTF data. The flaw permits memory corruption that may result in either arbitrary code execution or a denial of service condition. The issue received a CVSS 3.1 score of 7.8 and was publicly disclosed on 25 March 2014.

An attacker can deliver the malicious RTF content through a crafted document that a user opens locally or that is processed by server-side components such as Word Automation Services or Office Web Apps. Successful exploitation grants the attacker the ability to run arbitrary code in the context of the current user or to crash the affected process, with no privileges required beyond convincing the target to handle the file.

Microsoft security bulletin MS14-017 and the associated advisory 2953095 address the vulnerability through cumulative updates for the listed products. The bulletin recommends applying the patches as the primary mitigation and notes that the flaw had already been exploited in targeted attacks at the time of release.

The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming continued real-world exploitation since its initial use in March 2014.

EU & UK References

Vulnerability details

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010…

more

SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

CWE(s)
KEV Date Added
15 February 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
office
2011
microsoft
office compatibility pack
all versions
microsoft
office web apps
2010
microsoft
office web apps server
2013
microsoft
sharepoint server
2010, 2013
microsoft
word
2003, 2007, 2010, 2013
microsoft
word viewer
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the vendor patches (MS14-017) that remediate the RTF out-of-bounds write before exploitation can succeed.

preventdetect

Mandates malicious-code protection mechanisms that can inspect or block specially crafted RTF documents before they are opened by Word or server-side components.

preventdetect

Requires integrity verification of software and information, enabling detection of unauthorized modification or corruption introduced by the malicious RTF payload.

References