Vulnerability Details : CVE-2012-2539

Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."

Vulnerability category: Memory CorruptionExecute codeDenial of service

Published 2012-12-12 00:55:01

Updated 2018-10-12 22:03:08

Source Microsoft Corporation

View at NVD, CVE.org

CVE-2012-2539 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft Word Remote Code Execution Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

Microsoft Word allows attackers to execute remote code or cause a denial-of-service via crafted RTF data.

Added on 2022-03-28 Action due date 2022-04-18

Exploit prediction scoring system (EPSS) score for CVE-2012-2539

Probability of exploitation activity in the next 30 days: 74.96%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-2539

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-2539

CWE-399

Assigned by: [email protected] (Primary)

References for CVE-2012-2539

Products affected by CVE-2012-2539

Microsoft » Word » Version: 2003 Update SP3
cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2007 Update SP2
cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2007 Update SP3
cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2010 Update SP1
cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP3
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP2
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office Word Viewer
cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Web Apps » Version: 2010 Update SP1
cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*
Matching versions