CVE-2012-0183

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2003 SP3, 2007 SP2, 2007 SP3 Microsoft Office for Mac versions 2008, 2011 Office Compatibility Pack versions SP2, SP3

Description A remote code execution issue exists due to the way Microsoft Office software parses specially crafted Rich Text Format (RTF) data. This could allow an attacker to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system compared to those operating with administrative user rights.

Recommendations For Microsoft Office 2003 SP3, update to a version that is not affected by this issue. For Microsoft Office 2007 SP2 and SP3, update to a version that is not affected by this issue. For Microsoft Office for Mac 2008 and 2011, update to a version that is not affected by this issue. For Office Compatibility Pack SP2 and SP3, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of RTF data in Microsoft Office until a patch is available.