CVE-2012-2528

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 Word Viewer Office Compatibility Pack versions SP2 and SP3 Word Automation Services on Microsoft SharePoint Server 2010 Office Web Apps 2010 SP1

Description A use-after-free issue in Microsoft Office allows remote attackers to execute arbitrary code via a crafted RTF document. This vulnerability enables an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Word 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Word 2007 SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Word 2010 SP1, update to a newer version to mitigate the risk. For Word Viewer, update to a newer version to mitigate the risk. For Office Compatibility Pack SP2 and SP3, update to a newer version to mitigate the risk. For Word Automation Services on Microsoft SharePoint Server 2010, update to a newer version to mitigate the risk. For Office Web Apps 2010 SP1, update to a newer version to mitigate the risk.