Vulnerabilities > CVE-2014-1761 - Out-of-bounds Write vulnerability in Microsoft products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 17 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | MS14-017 Microsoft Word RTF Object Confusion. CVE-2014-1761. Local exploit for windows platform |
| id | EDB-ID:32793 |
| last seen | 2016-02-03 |
| modified | 2014-04-10 |
| published | 2014-04-10 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/32793/ |
| title | Microsoft Word - RTF Object Confusion MS14-017 |
Metasploit
| description | This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This module was created by reversing a public malware sample. |
| id | MSF:EXPLOIT/WINDOWS/FILEFORMAT/MS14_017_RTF |
| last seen | 2020-06-02 |
| modified | 2018-10-28 |
| published | 2014-04-08 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/ms14_017_rtf.rb |
| title | MS14-017 Microsoft Word RTF Object Confusion |
Msbulletin
| bulletin_id | MS14-017 |
| bulletin_url | |
| date | 2014-04-08T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2949660 |
| knowledgebase_url | |
| severity | Critical |
| title | Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS14-017.NASL description The remote Windows host has a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, Microsoft Word Viewer, SharePoint Server, or Microsoft Office Web Apps that is affected by one or more unspecified memory corruption vulnerabilities. By tricking a user into opening a specially crafted file, it may be possible for a remote attacker to take complete control of the system or execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 73413 published 2014-04-08 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73413 title MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) NASL family Windows NASL id SMB_KB2953095.NASL description The remote host is missing one of the workarounds referenced in KB 2953095. The remote host has a version of Microsoft Word installed that is potentially affected by a code execution vulnerability due to the way the application handles specially crafted RTF files. last seen 2017-10-29 modified 2017-08-30 plugin id 73161 published 2014-03-24 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=73161 title MS KB2953095: Vulnerability in Microsoft Word Could Allow Remote Code Execution NASL family MacOS X Local Security Checks NASL id MACOSX_MS14-017.NASL description The remote Mac OS X host is running a version of Microsoft Word that is affected by one or more unspecified memory corruption vulnerabilities. By tricking a user into opening a specially crafted file, it may be possible for a remote attacker to take complete control of the system or execute arbitrary code. last seen 2019-10-28 modified 2014-04-08 plugin id 73414 published 2014-04-08 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73414 title MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) (Mac OS X)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/126071/ms14_017_rtf.rb.txt |
| id | PACKETSTORM:126071 |
| last seen | 2016-12-05 |
| published | 2014-04-09 |
| reporter | Haifei Li |
| source | https://packetstormsecurity.com/files/126071/MS14-017-Microsoft-Word-RTF-Object-Confusion.html |
| title | MS14-017 Microsoft Word RTF Object Confusion |
Saint
| bid | 66385 |
| description | Microsoft Word RTF Object Confusion |
| id | win_patch_word2010 |
| osvdb | 104895 |
| title | msword_rtf |
| type | client |
Seebug
bulletinFamily exploit description CVE ID:CVE-2014-1761 Microsoft Word 是微软公司的一个文字处理软件。 因Microsoft Word在解析畸形的RTF格式数据时存在错误导致内存破坏,使得攻击者能够执行任意代码。当用户使用Microsoft Word受影响的版本打开恶意RTF文件,或者Microsoft Word是Microsoft Outlook的Email Viewer时,用户预览或打开恶意的RTF邮件信息,攻击者都可能成功利用此漏洞,从而获得当前用户的权限。值得注意的是,Microsoft Outlook 2007/2010/2013默认的Email Viewer都是Microsoft Word。 0 Microsoft Word Viewer Microsoft Word 2013 Microsoft Word 2010 Microsoft Word 2007 Microsoft Word 2003 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://technet.microsoft.com/security/bulletin/ 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: * 应用Microsoft Fix it解决方案,禁止在Microsoft Word中打开RTF内容。 * 以纯文本读取电子邮件。 * 用Microsoft Office File Block策略阻止在Microsoft Word 2003, 2007, Microsoft Word 2010, Microsoft Word 2013中打开RTF文件。 * 部署Enhanced Mitigation Experience Toolkit。 id SSV:61922 last seen 2017-11-19 modified 2014-03-25 published 2014-03-25 reporter Root title Microsoft Word RTF文件解析错误代码执行漏洞 bulletinFamily exploit description No description provided by source. id SSV:86063 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-86063 title MS14-017 Microsoft Word RTF Object Confusion
The Hacker News
id THN:103E92865E8734B3EDDD5CEB442B21DA last seen 2018-01-27 modified 2014-04-05 published 2014-04-05 reporter Sudhir K Bansal source https://thehackernews.com/2014/04/microsoft-critical-vulnerabilities-that.html title Microsoft Critical Vulnerabilities that You Must Patch Coming Tuesday id THN:7A3C2E583024B88C0017ED311665D98A last seen 2018-01-27 modified 2014-03-25 published 2014-03-24 reporter Mohit Kumar source https://thehackernews.com/2014/03/microsoft-word-zero-day-vulnerability.html title Microsoft Word Zero-Day Vulnerability is being exploited in the Wild