MS12-064 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
2012-10-09 This security update resolves two privately reported vulnerabilities in Microsoft Office. The more severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Word PAPX Section Corruption Vulnerability
- A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2012-0182 - RTF File listid Use-After-Free Vulnerability
- A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted RTF files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2012-2528
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
86.03%
Published
2012-10-09
Updated
2018-10-12
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
Max CVSS
9.3
EPSS Score
90.86%
Published
2012-10-09
Updated
2018-10-12