Use-After-Free Vulnerability in Microsoft Word Products
CVE-2012-2528

Currently unrated

Key Information:

Vendor: Microsoft
Status: Word Automation Services
Vendor: CVE Published:; 9 October 2012

What is CVE-2012-2528?

A use-after-free vulnerability exists in various Microsoft Word products, allowing attackers to execute arbitrary code through specially crafted RTF documents. This can occur when the software mishandles memory during the processing of such documents. Successful exploitation may provide an attacker with full control over an affected system, including the ability to modify data and execute other malicious operations.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/55781

vdb-entryx_refsource_BID

http://www.us-cert.gov/cas/techalerts/TA12-283A.html

third-party-advisoryx_refsource_CERT

EPSS Score

57% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2012
Vulnerability Reserved
May 9, 2012