Microsoft Office Remote Code Execution Vulnerability (2639185) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-028.

Impact

Successful exploitation could allow attackers to execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS12-028

Insight

The flaw is due to an error in the Works Converter and can be exploited to cause a heap-based buffer overflow via a specially crafted Works '.wps' file.

Affected

Microsoft Works 6 to 9 File Converter Microsoft Office 2007 Service Pack 2 and prior

References

http://secunia.com/advisories/48723/
http://technet.microsoft.com/en-us/security/bulletin/MS12-028
http://www.securitytracker.com/id/1026910
http://xforce.iss.net/xforce/xfdb/74556

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0177
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
Cumulative Security Update for Internet Explorer (933566)
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

Take action and discover your vulnerabilities