The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

security bulletin CVE-2014-6333 CVE-2014-6334 CVE-2014-6335

Word 2007: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious Word document, in order to trigger a denial of service, and possibly to execute code.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/11/2014.
Références of this threat: 3009710, CERTFR-2014-AVI-468, CVE-2014-6333, CVE-2014-6334, CVE-2014-6335, MS14-069, VIGILANCE-VUL-15615.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Word 2007.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-6333]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-6334]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-6335]

An attacker can therefore invite the victim to open a malicious Word document, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

This cybersecurity announce impacts software or systems such as Office, Word.

Our Vigil@nce team determined that the severity of this threat alert is important.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 3 vulnerabilities.

An attacker with a expert ability can exploit this computer weakness alert.

Solutions for this threat

Word 2007: patch.
A patch is available in information sources.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system.