CVE-2014-1761
Published: 25 March 2014
Summary
CVE-2014-1761 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Word. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Microsoft Word 2003 SP3 through 2013, Word Viewer, Office Compatibility Pack SP3, Office for Mac 2011, Word Automation Services on SharePoint Server 2010 and 2013, and Office Web Apps 2010 and 2013 are affected by an out-of-bounds write vulnerability (CWE-787) that can be triggered by specially crafted RTF data. The flaw permits memory corruption that may result in either arbitrary code execution or a denial of service condition. The issue received a CVSS 3.1 score of 7.8 and was publicly disclosed on 25 March 2014.
An attacker can deliver the malicious RTF content through a crafted document that a user opens locally or that is processed by server-side components such as Word Automation Services or Office Web Apps. Successful exploitation grants the attacker the ability to run arbitrary code in the context of the current user or to crash the affected process, with no privileges required beyond convincing the target to handle the file.
Microsoft security bulletin MS14-017 and the associated advisory 2953095 address the vulnerability through cumulative updates for the listed products. The bulletin recommends applying the patches as the primary mitigation and notes that the flaw had already been exploited in targeted attacks at the time of release.
The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming continued real-world exploitation since its initial use in March 2014.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-1835
Vulnerability details
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
- CWE(s)
- KEV Date Added: 15 February 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the vendor patches (MS14-017) that remediate the RTF out-of-bounds write before exploitation can succeed.
Mandates malicious-code protection mechanisms that can inspect or block specially crafted RTF documents before they are opened by Word or server-side components.
Requires integrity verification of software and information, enabling detection of unauthorized modification or corruption introduced by the malicious RTF payload.