Microsoft Office Remote Code Execution Vulnerability (2639185) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-028.

Impact

Successful exploitation could allow attackers to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS12-028

Insight

The flaw is due to an error in the Works Converter and can be exploited to cause a heap-based buffer overflow via a specially crafted Works '.wps' file.

Affected

Microsoft Works 6 to 9 File Converter Microsoft Office 2007 Service Pack 2 and prior

References

http://secunia.com/advisories/48723/
http://technet.microsoft.com/en-us/security/bulletin/MS12-028
http://www.securitytracker.com/id/1026910
http://xforce.iss.net/xforce/xfdb/74556

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0177

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Cumulative Security Update for Internet Explorer (937143)
Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)

Take action and discover your vulnerabilities