Microsoft Office Word Remote Code Execution Vulnerability (2680352) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-029.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted word document. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS12-029

Insight

The flaw is due to an error when parsing Rich Text Format (RTF) data and can be exploited to corrupt memory.

Affected

Microsoft Office Word 2003 Service Pack 3 Microsoft Office Word 2007 Service Pack 2 Microsoft Office Word 2007 Service Pack 3 Microsoft Office Compatibility Pack for File Formats Service Pack 2

References

http://support.microsoft.com/kb/2596880
http://support.microsoft.com/kb/2596917
http://support.microsoft.com/kb/2598332
http://technet.microsoft.com/en-us/security/bulletin/MS12-029

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0183

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Multiple Vulnerabilities (2861561)
Microsoft DirectShow Remote Code Execution Vulnerability (977935)
Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)

Take action and discover your vulnerabilities