System compromise in Microsoft Word

Posted: October 10, 2012 in Vulnerabilities
Tags: , ,

MicrosoftVulnerability: System compromise in Microsoft Word

Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-2528
Impact: System Compromise
Affected Products: Microsoft Word 2003, Office Word 2007, Word 2010, Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office Web Apps, Office 2003 Standard Edition, Office 2003 Student and Teacher Edition, Office 2007, Office 2010

Affected versions:

– Microsoft Office 2003;
– Microsoft Office 2007;
– Microsoft Office 2010;
– Microsoft Word 2003;
– Microsoft Word 2007;
– Microsoft Word 2010;
– Microsoft Word Viewer;
– Microsoft Office Compatibility Pack;
– Word Automation Services on Microsoft SharePoint Server 2010.

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

The vulnerability is caused due to incorrect processing RTF files. This can be exploited via a specially crafted RTF file to execute arbitrary code on the target system.

Manufacturer URL: http://www.microsoft.com/

Solution: To resolve the vulnerability patch from the manufacturer.

Microsoft Word 2003 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=e49eadec-0fe1-43ce-9c25-a92aad17d940

Microsoft Word 2007 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=be58b650-ee4f-405e-ab3c-c28aca48345b

Microsoft Word 2007 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=be58b650-ee4f-405e-ab3c-c28aca48345b

Microsoft Word 2010 Service Pack 1 (32-bit editions)
http://www.microsoft.com/downloads/details.aspx?familyid=27e07115-d569-438c-b95f-203e444d4408

Microsoft Word 2010 Service Pack 1 (64-bit editions)
http://www.microsoft.com/downloads/details.aspx?familyid=30f9efac-3ecd-48a6-adcf-922f4d4d18d4

Microsoft Word Viewer
http://www.microsoft.com/downloads/details.aspx?familyid=1e392ff8-92e9-408d-bb14-1e0a6b4b6c9d

Microsoft Office Compatibility Pack Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=301446f7-991e-4abd-a06e-4a854f05ac84

Microsoft Office Compatibility Pack Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=301446f7-991e-4abd-a06e-4a854f05ac84

Microsoft SharePoint Server 2010 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=3582ab6c-930b-4660-afcd-e2423ce56d8f

Microsoft Office Web Apps 2010 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=e7a2dd61-36d5-4313-a8dc-15456b275b9c

Links:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s