ByteOS Network

NVD Vulnerability Details :

CVE-2014-2730

Deferred

Source-cve@mitre.org

Published At-05 Apr, 2014 | 14:55

Updated At-12 Apr, 2025 | 10:46

The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-399	Primary	nvd@nist.gov

CWE ID: CWE-399

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/archive/1/531722/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/531722/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://www.securityfocus.com/archive/1/531722/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/531722/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History