Microsoft Office Word Remote Code Execution Vulnerability (2680352) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-029.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted word document. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS12-029

Insight

The flaw is due to an error when parsing Rich Text Format (RTF) data and can be exploited to corrupt memory.

Affected

Microsoft Office Word 2003 Service Pack 3 Microsoft Office Word 2007 Service Pack 2 Microsoft Office Word 2007 Service Pack 3 Microsoft Office Compatibility Pack for File Formats Service Pack 2

References

http://support.microsoft.com/kb/2596880
http://support.microsoft.com/kb/2596917
http://support.microsoft.com/kb/2598332
http://technet.microsoft.com/en-us/security/bulletin/MS12-029

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0183
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
Cumulative Security Update for Internet Explorer (956390)
Microsoft Excel Remote Code Execution Vulnerabilities (968557)
Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)

Take action and discover your vulnerabilities