1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

Microsoft Word vulnerability could allow remote code execution

Report ID: MS201212003
Date Published: 12 December 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote

Affected Product/Component:

Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Word Automation Services
Microsoft Office Web Apps 2010


A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on an affected system, if successfully exploited.

Detailed Description

Microsoft has issued a security update for Microsoft Word to resolve a vulnerability that exists when parsing specially crafted RTF-formatted data. Upon successful exploitation, an attacker could run arbitrary code and take control of an affected system.

This issue has been resolved through the update, which introduces a modification in the way that Microsoft Office parses RTF-formatted data. To protect their system from possible exploit attempts, users are recommended to install the update.

CVE Reference



Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-079)

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.