Microsoft Word vulnerability could allow remote code execution
Report ID: MS201212003
Date Published: 12 December 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Word Automation Services
Microsoft Office Web Apps 2010
Summary
A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on an affected system, if successfully exploited.
Detailed Description
Microsoft has issued a security update for Microsoft Word to resolve a vulnerability that exists when parsing specially crafted RTF-formatted data. Upon successful exploitation, an attacker could run arbitrary code and take control of an affected system.
This issue has been resolved through the update, which introduces a modification in the way that Microsoft Office parses RTF-formatted data. To protect their system from possible exploit attempts, users are recommended to install the update.
CVE Reference
CVE-2012-2539
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-079)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
