Microsoft Office Invalid Pointer Memory Corruption Vulnerabilities

Summary

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ‘Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.’

Credit:

The information has been provided by Ben Hawkes of Google Project Zero.


Details

Vulnerable Systems:
 * Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3

Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

CVE Information:
CVE-2014-6335

Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/02/2014

Categories: Windows