RCE in Microsoft Office_web_apps_server

CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Ap…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.196 (95.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office_web_apps_server — versions 2013
Microsoft Project_server — versions 2010, 2013
Microsoft Sharepoint_designer — versions 2007, 2010, 2013
Microsoft Sharepoint_foundation — versions 2010, 2013
Microsoft Sharepoint_server — versions 2007, 2010, 2013
Microsoft Sharepoint_server_client_components_sdk — versions 2013
Microsoft Sharepoint_services — versions 3.0
Microsoft Web_applications — versions 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

MS14-022 (x_refsource_MS, vendor-advisory)
1030227 (vdb-entry, x_refsource_SECTRACK)