=====================================================================
                            CERT-Renater
                  Information Note No. 2014/VULN127
_____________________________________________________________________

DATE                 : 11/06/2014

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Microsoft Word version 2007,
                       Microsoft Office Compatibility Pack.

=====================================================================
KB2969261
https://technet.microsoft.com/library/security/ms14-034
_____________________________________________________________________

Microsoft Security Bulletin MS14-034 - Important

Vulnerability in Microsoft Word Could Allow Remote Code Execution
(2969261)

Published: June 10, 2014
Version: 1.0

General Information

Executive Summary

This security update resolves one privately reported vulnerability in
Microsoft Office. The vulnerability could allow remote code execution
if a specially crafted file is opened in an affected version of
Microsoft Word. An attacker who successfully exploited this
vulnerability could gain the same user rights as the current user.
Customers whose accounts are configured to have fewer user rights on
the system could be less impacted than those who operate with
administrative user rights.

This security update is rated Important for supported editions of
Microsoft Word 2007 and Microsoft Office Compatibility Pack. For more
information, see the Affected and Non-Affected Software section.

The security update addresses the vulnerability by correcting the way
that Microsoft Office parses specially crafted files.

Affected Software

Microsoft Word 2007 Service Pack 3 (2880515)
Microsoft Office Compatibility Pack Service Pack 3 (2880513)

Vulnerability Information

Embedded Font Vulnerability - CVE-2014-2778

A remote code execution vulnerability exists in the way that affected
Microsoft Office software parses specially crafted files. An attacker
who successfully exploited this vulnerability could take complete
control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights. Users whose accounts are configured to have fewer
user rights on the system could be less impacted than users who
operate with administrative user rights.

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================