RCE in Microsoft Office_compatibility_pack

CVE-2014-6335

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.460 (97.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-94 — Code Injection

References

1031189 (vdb-entry, x_refsource_SECTRACK)
MS14-069 (x_refsource_MS, vendor-advisory)
59867 (x_refsource_SECUNIA, third-party-advisory)
70963 (vdb-entry, x_refsource_BID)