Published: 09/10/2012 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote malicious users to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft word_automation_services -
microsoft word 2007
microsoft word viewer
microsoft office compatibility pack
microsoft word 2003
microsoft word 2010
microsoft office web apps 2010

Patch Tuesday October 2012 – More Microsoft Word Spearphish Risks

Securelist • Kurt Baumgartner • 10 Oct 2012

Today’s Microsoft updates include a few fixes for remote code execution, and several fixes for escalation of privilege and denial of service flaws. The priority for both general folks and corporate customers running Windows and Office will be to roll out MS12-064 effecting Microsoft Office immediately. Vulnerability CVE-2012-2528 and CVE-2012-0182 is patched by this bulletin, and -2528 predictably will be attacked with more malformed rtf formatted documents. These sorts of files have been deli...

CVE-2012-2528

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect