Use-After-Free Vulnerability in Microsoft Office Products
CVE-2014-6357

Currently unrated

Key Information:

Vendor: Microsoft
Status: Word Viewer; Office; Sharepoint Server; Office Compatibility Pack
Vendor: CVE Published:; 11 December 2014

What is CVE-2014-6357?

This vulnerability is a use-after-free flaw found in various versions of Microsoft Office products. When exploited, it allows remote attackers to execute arbitrary code by crafting a malicious Office document. This can occur in several Office products, including Office 2010, Office 2013, Office for Mac, and others. Users opening such documents may be subjected to the attack without their knowledge, potentially leading to unauthorized access or control over their systems.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

55% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Sep 11, 2014