Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Word vulnerability could allow remote code execution


Report ID: MS201212003
Date Published: 12 December 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Word Automation Services
Microsoft Office Web Apps 2010
 




Summary

A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on an affected system, if successfully exploited.




Detailed Description

Microsoft has issued a security update for Microsoft Word to resolve a vulnerability that exists when parsing specially crafted RTF-formatted data. Upon successful exploitation, an attacker could run arbitrary code and take control of an affected system.

This issue has been resolved through the update, which introduces a modification in the way that Microsoft Office parses RTF-formatted data. To protect their system from possible exploit attempts, users are recommended to install the update.



CVE Reference

CVE-2012-2539



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-079)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.