CVE-2012-2528

Опубликовано: 09 окт. 2012

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."

Ссылки

http://www.securityfocus.com/bid/55781
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA12-283A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680
http://www.securityfocus.com/bid/55781
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA12-283A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.5685

Средний

9.3 Critical

CVSS2

Дефекты

CWE-399

Связанные уязвимости

GHSA-gh9p-wvxj-wc5x

github

больше 3 лет назад