CVE-2014-1761

CVE Database · CVE-2014-1761

CVE-2014-1761

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

77.73%

Published

Mar 25, 2014

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-02-15 · Due: 2022-08-15

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Word - RTF Object Confusion (MS14-017) (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (17)

microsoft · officevulnerable

microsoft · office_compatibility_packvulnerable

microsoft · office_web_appsvulnerable

microsoft · office_web_apps_servervulnerable

microsoft · sharepoint_servervulnerable

microsoft · wordvulnerable

References (5)