Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Word vulnerabilities could allow remote code execution


Report ID: MS201210001
Date Published: 10 October 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Word Automation Services
Microsoft Office Web Apps 2010




Summary

Two vulnerabilities affecting Microsoft Word and Microsoft Office could allow an attacker to execute arbitrary code and take control of a compromised system.



Detailed Description

Microsoft has released a security update to address two vulnerabilities found in Microsoft Word and Microsoft Office. They were caused by improper handling of memory when parsing Word and RTF files. Upon successful exploitation, each of them could allow an attacker to execute code and potentially take control of a compromised system.

These issues have each been resolved through the latest update, which corrects the way that Word handles memory when parsing specially crafted files. Users are recommended to install this update as a protection measure against potential exploit attempts.



CVE Reference

CVE-2012-0182, CVE-2012-2528



Solution

Install the latest security patch for applicable system, available for download from (http://technet.microsoft.com/en-us/security/bulletin/ms12-064)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.