CVE-2012-2539
In short
Microsoft Word versions 2003 through 2010 can crash or allow hackers to run malicious code when opening specially crafted Rich Text Format (RTF) files. This happens because the program doesn't properly check the file's data before processing it.
Technical detail
Out-of-bounds write vulnerability in the RTF parsing of Microsoft Word 2003 SP3, 2007 SP2/SP3, 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, and Office Web Apps 2010 SP1. Remote attackers can trigger memory corruption via a malicious 'listoverridecount' field in an RTF document, resulting in code execution or denial of service. Exploitation requires user interaction (opening the file).
Summary generated and translated by AI from the official description.
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16073
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-2539
http://www.us-cert.gov/cas/techalerts/TA12-346A.html