CVE-2012-0177

Name of the Vulnerable Software and Affected Versions Microsoft Office versions prior to the fixed version Microsoft Works versions 6 through 9

Description A heap-based buffer overflow issue exists in the Office Works File Converter, allowing remote attackers to execute arbitrary code via a crafted Works file. This issue enables an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts.

Recommendations For Microsoft Office 2007 SP2, update to a version that includes the fix for this issue. For Microsoft Works versions 6 through 9, consider disabling the Works File Converter until a patch is available. Restrict access to the Works File Converter to minimize the risk of exploitation.