CVE-2014-1761

ENISA EUVD: EUVD-2014-1835 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 3 articles Published: 2014-03-24

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

93.36%

probability

This CVE has a 93.36% probability of being exploited in the next 30 days.

0% Top 99.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3

HIGH

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

Affected Products

n/a

microsoft

office

microsoft

office compatibility pack

microsoft

office web apps

microsoft

office web apps server

microsoft

sharepoint server

n/a

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Exploits & PoC

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017

vendor-advisory x_refsource_MS

http://technet.microsoft.com/security/advisory/2953095

x_refsource_CONFIRM

Signal Intelligence

Confidenceⓘ

85%

EPSS 93.36%

CVSS v3.1 7.8

Mentions 3

Last Seen May 01, 2015

CNA Information

CNA Assigner

microsoft

Analyst Note

CVE-2014-1761 (Microsoft Word zero-day) is explicitly documented as actively exploited in the wild before patch availability. TheHackerNews article [1] confirms Microsoft disclosed both active, targeted attacks and the zero-day status simultaneously, with patches following via Patch Tuesday. This matches the canonical zero-day pattern of exploitation preceding or coinciding with patch release.

Threat Actors 4

Leviathan

apt_group Information theft and espionage 🇨🇳 CN

Kinsing

apt_group 🇷🇺 RU

TeamTNT

apt_group 🇩🇪 DE

RANCOR

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 20, 2026

Published DateMar 24, 2014