(MS12-079) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)

  Severity: CRITICAL
  CVE Identifier: CVE-2012-2539
  Advisory Date: DEC 12, 2012

  DESCRIPTION

This patch addresses a vulnerability in Microsoft Office that could result in remote code execution when successfully exploited via a specially crafted .RTF file. Accordingly, users who open a .RTF email message in Outlook with Microsoft Word as the email viewer can be a means to exploit this vulnerability effectively.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2007 Service Pack 2
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 1 (32-bit editions)
  • Microsoft Office 2010 Service Pack 1 (64-bit editions)
  • Microsoft Word Viewer
  • Microsoft Office Compatibility Pack Service Pack 2
  • Microsoft Office Compatibility Pack Service Pack 3
  • Microsoft SharePoint Server 2010 Service Pack 1
  • Microsoft Office Web Apps 2010 Service Pack 1