Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: April 8, 2014


View products that this article applies to.

Introduction

This update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.

↑ Back to the top


Summary

Microsoft has released security bulletin MS14-017. Learn more about how to obtain the fixes included in this security bulletin: To have us fix this problem for you, go to the "Fix it for me" section.

↑ Back to the top


Fix it for me

The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

For more information about this workaround, go to the following Microsoft Security Advisory webpage: The advisory provides more information about the issue. This includes the following:
  • The scenarios in which you might apply or disable the workaround.
  • How to manually apply the workaround.
Specifically, to see this information, expand the Suggested actions section, and then expand the Workarounds section.


To enable or disable this Fix it solution, click the Fix it button or link under the Enable this fix it heading or under the Disable this fix it heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

Disable opening RTF content in Microsoft Word

Enable this fix itDisable this fix it

↑ Back to the top


How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top


More information about this security update

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2878303 MS14-017: Description of the security update for Word 2003: April 8, 2014

    The following are the known issues in security update 2878303. For more information about these known issues, see security update 2878303.
  • 2878237 MS14-017: Description of the security update for Word 2007: April 8, 2014
  • 2863926 MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014
  • 2863919 MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014
  • 2863910 MS14-017: Description of the security update for Office 2013 and Office 2013 RT: April 8, 2014
  • 2939132 MS14-017: Description of the Microsoft Office for Mac 2011 14.4.1 Update: April 8, 2014
  • 2878304 MS14-017: Description of the security update for Word Viewer: April 8, 2014
  • 2878236 MS14-017: Description of the security update for the Office Compatibility Pack: April 8, 2014
  • 2863907 MS14-017: Description of the security update for Word Automation Services in Microsoft SharePoint Server 2013: April 8, 2014
  • 2878220 MS14-017: Description of the security update for Word Automation Services in SharePoint Server 2010: April 8, 2014
  • 2878221 MS14-017: Description of the security update for Word Web Apps: April 8, 2014
  • 2878219 MS14-017: Description of the security update for Office Web Apps Server 2013: April 8, 2014

    The following are the known issues in security update 2878219. For more information about these known issues, see security update 2878219.

    • This security update may fail to install on a computer that is running Microsoft Web Apps Server 2013 if the computer also has Office 2013 Service Pack 1 (SP1) installed. Microsoft is researching this problem. We will post more information in this article when the information becomes available.

↑ Back to the top


File hash information
File nameSHA1 hashSHA256 hash
kb2428677-x-none.cab84F6286DF13E6B93A9705B5F91152F55C225024D2FD499117A530D8B26413AB45FFB7ECFD8F2BEFFB5B9D58E550899C12F704232
kb24286772010-kb2863919-fullfile-x64-glb.exe40043FEEC9F89695C22927074883AA9D381D8B39D73A6AED2A72C40AD1ED9CB9904A18856C50629B29AC074056219FF1C2C0CA29
kb24286772010-kb2863919-fullfile-x86-glb.exe955AB046A3267D26D405B139FDAD0F1C4B0151580B5929C95F44FB4540D64BE371D391E2EEFB861CE7FF740292983368EBF9FB1F
office-kb2878304-fullfile-enu.exe698AE4AC7B43760FE18D306CDED55DE90DF8E579F974DD24FCA3021B79908DB6BD27FD8C3E0E844631D2E2F8A0BEBC7020F854BE
office2003-kb2878303-fullfile-enu.exeD3B434449A65F57B171520432F22A7D8FBB28E30B1996F28AE06263FDFECD5727FB5F57DD08DB2AE0212AD1330E509D1AC8BA089
wac2010-kb2878221-fullfile-x64-glb.exeDBE134930FC06C61C60BDA1C7CAF99933CE817D89A582D40F4D92C6BE2A2B88D1575524257C3ABADC9DDB6EEE54FECDF4E2D7D12
wacserver2013-kb2878219-fullfile-x64-glb.com1C2A41EF7BD7A488F5B6B59D587CA3854B505107BFA75C008CEFB14F382DE934DF6A15226238EA2898ACFD74A056A695607A7482
wacwfe-x-none.cab6BC849AEB392C26A780D6F18235202A0F1635C78C44397B6B305B325056D0904FAA862336EFEB433E36642AAE78825B2C4EF75B4
wdsrv-x-none.cab339197E759CB1EC8433C0779C1106190EE6E6C9A1A6A639F619B8AC89968A71D86E9683C9DBEFE81E1FD0051BEFC6073CE60CAA6
wdsrv2010-kb2878220-fullfile-x64-glb.exe95B5D9D062AA3056DD5DAD2D8DB35F5017D830BD9A7EDBD94A36E8EEC7A10383E854156335583F25C79BA406FD6292EE1C625DD0
wdsrv2013-kb2863907-fullfile-x64-glb.com1C2A41EF7BD7A488F5B6B59D587CA3854B505107BFA75C008CEFB14F382DE934DF6A15226238EA2898ACFD74A056A695607A7482
winword.cab279A31F2376C3660950C7F06510B46D3C498A71EFB5B84337FEA9045F7E880D651DB5306B3AE79B611E01AB934305AB8F205236C
word-x-none.cab4BD19FF8CA9D05E388F1EAB8419FE16927B72BE7FCD67C549C83EE9E44685247D96358EE0B601541B3D92C72728FB3D0E1F3FBD6
word2007-kb2878237-fullfile-x86-glb.exe09EBD8FBC87C1BEE1D0A225049CF05A39F56AD42A75A5D26795C6508B7ADD79BDC9C679FABAC7C4A7D6F44C493831C087E79B025
word2010-kb2863926-fullfile-x64-glb.exe2DEB6470A7BB6D3ACAAA245CBD32E90E211501D05D0AC2F18A8E9C28113DD4BB39DE6EDB9788ADBB4EE457C5A2110D95A8EBD7CF
word2010-kb2863926-fullfile-x86-glb.exe4443EE157D41A1D1B607DA9A5DB7460AB10E0268614BF3CB0865196712688809E49A822F38CD3A0FDA54F4128D4A26A8CD1B28B5
word2013-kb2863910-fullfile-x86-glb.com87BA717A5AF4DF194A9BAE62896803DE1F1ECB416EEAAC3E286489D7B2BD8BB55C47A68B60FEE7A18D029D0D0765F592182BB201
wordconv-x-none.cab2FBC7FA50DB766AB345E51CAE28B807B2DD2893C574CE7400C9C639E66D72F05DA9EFBAA242CA71DF633FB9DF434B6341E754B9D
wordconv2007-kb2878236-fullfile-x86-glb.exeF73D78151781E07B86F9124FDF590FD42CC7041D94DC02B8337FBACFC955A5C3E579073E36B7A899E4120323751D0C08476E5524
wordview.cabB530CBB154E5F51101912C61024EBE98996B578CB8F30F3401765973AEEB761BC65EFEC9817675D4E1AE2E0D3F1649E41F1E7B2E

↑ Back to the top


Keywords: kb, kbsecvulnerability, kbsecurity, kbsecreview, kbsecbulletin, kbmustloc, kblangall, kbfix, kbexpertiseinter, kbbug, atdownload

↑ Back to the top

Article Info
Article ID : 2949660
Revision : 1
Created on : 1/7/2017
Published on : 4/8/2014
Exists online : False
Views : 441