1. CVE-Search
  2. CVE-2012-0183
ID CVE-2012-0183
Summary Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2007:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 22:02)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS12-029
bulletin_url
date 2012-05-08T00:00:00
impact Remote Code Execution
knowledgebase_id 2680352
knowledgebase_url
severity Critical
title Vulnerability in Microsoft Word Could Allow Remote Code Execution
oval via4
accepted 2014-06-30T04:05:40.358-04:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Word 2003 is installed
    oval oval:org.mitre.oval:def:475
  • comment Microsoft Word 2007 is installed
    oval oval:org.mitre.oval:def:2074
  • comment Microsoft Office Compatibility Pack is installed
    oval oval:org.mitre.oval:def:1853
description Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
family windows
id oval:org.mitre.oval:def:15327
status accepted
submitted 2012-05-08T13:00:00
title RTF Mismatch Vulnerability
version 22
refmap via4
bid 53344
cert TA12-129A
sectrack 1027035
secunia 49111
xf microsoft-office-rtf-code-execution(75122)
Last major update 12-10-2018 - 22:02
Published 09-05-2012 - 00:55
Last modified 12-10-2018 - 22:02
Back to Top