Detections
Analytics
MS12-029: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
high Nessus Plugin ID 59037
Language:
Synopsis
A Microsoft Office component installed on the remote host has a memory corruption vulnerability.Description
The version of Office and/or Office Compatibility Pack installed on the remote host has a memory corruption vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted RTF file, resulting in arbitrary code execution.Solution
Microsoft has released a set of patches for Office 2003, 2007, and Office Compatibility Pack.See Also
https://www.zerodayinitiative.com/advisories/ZDI-12-186/
https://seclists.org/fulldisclosure/2012/Nov/112
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-029
Plugin Details
Severity: High
ID: 59037
File Name: smb_nt_ms12-029.nasl
Version: 1.21
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 5/9/2012
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.0
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:word, cpe:/a:microsoft:office_compatibility_pack
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/8/2012
Vulnerability Publication Date: 5/8/2012
Reference Information
CVE: CVE-2012-0183
BID: 53344