CVE-2012-2528

Currently unrated

Key Information:

Vendor: Microsoft
Status: Word Automation Services
Vendor: CVE Published:; 9 October 2012

Summary

Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/55781

vdb-entryx_refsource_BID

http://www.us-cert.gov/cas/techalerts/TA12-283A.html

third-party-advisoryx_refsource_CERT

EPSS Score

93% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 9, 2012
Vulnerability Reserved
May 9, 2012

Collectors

NVD DatabaseMitre Database