Microsoft Word vulnerabilities could allow remote code execution
Report ID: MS201210001
Date Published: 10 October 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Word Automation Services
Microsoft Office Web Apps 2010
Summary
Two vulnerabilities affecting Microsoft Word and Microsoft Office could allow an attacker to execute arbitrary code and take control of a compromised system.
Detailed Description
Microsoft has released a security update to address two vulnerabilities found in Microsoft Word and Microsoft Office. They were caused by improper handling of memory when parsing Word and RTF files. Upon successful exploitation, each of them could allow an attacker to execute code and potentially take control of a compromised system.
Both issues are resolved by the latest update, which corrects the way that Word handles memory when parsing specially crafted files. Users are advised to install this update as a protection measure against potential exploit attempts.
CVE Reference
CVE-2012-0182, CVE-2012-2528
Solution
Install the latest security patch for the applicable system, available for download from http://technet.microsoft.com/en-us/security/bulletin/ms12-064
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.




