Microsoft Office Word Remote Code Execution Vulnerability (2680352) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-029.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted word document. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS12-029

Insight

The flaw is due to an error when parsing Rich Text Format (RTF) data and can be exploited to corrupt memory.

Affected

Microsoft Office Word 2003 Service Pack 3 Microsoft Office Word 2007 Service Pack 2 Microsoft Office Word 2007 Service Pack 3 Microsoft Office Compatibility Pack for File Formats Service Pack 2

References

http://support.microsoft.com/kb/2596880
http://support.microsoft.com/kb/2596917
http://support.microsoft.com/kb/2598332
http://technet.microsoft.com/en-us/security/bulletin/MS12-029

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0183

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Patch for Internet Information Services (Q327696)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft Active Directory Denial of Service Vulnerability (953235)
Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
Microsoft Expression Design Remote Code Execution Vulnerability (2651018)

Take action and discover your vulnerabilities