Microsoft Office Remote Code Execution Vulnerability (2639185) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-028.

Impact

Successful exploitation could allow attackers to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS12-028

Insight

The flaw is due to an error in the Works Converter and can be exploited to cause a heap-based buffer overflow via a specially crafted Works '.wps' file.

Affected

Microsoft Works 6 to 9 File Converter Microsoft Office 2007 Service Pack 2 and prior

References

http://secunia.com/advisories/48723/
http://technet.microsoft.com/en-us/security/bulletin/MS12-028
http://www.securitytracker.com/id/1026910
http://xforce.iss.net/xforce/xfdb/74556

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0177

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Comctl32 Integer Overflow Vulnerability (2864058)
Message Queuing Remote Code Execution Vulnerability (951071)
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
.NET JIT Compiler Vulnerability
Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)

Take action and discover your vulnerabilities