copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2012.0443 - [Win][OSX] Microsoft Word: Execute a...
 

ESB-2012.0443 - [Win][OSX] Microsoft Word: Execute arbitrary code/commands - Remote with user interaction
Date: 09 May 2012

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0443
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
                                9 May 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Office 2003 Service Pack 3
                   Microsoft Office 2007 Service Pack 2
                   Microsoft Office 2007 Service Pack 3
                   Microsoft Word 2003 Service Pack 3
                   Microsoft Word 2007 Service Pack 2
                   Microsoft Word 2007 Service Pack 3
                   Microsoft Office for Mac
                   Microsoft Office 2008 for Mac
                   Microsoft Office for Mac 2011
                   Other Microsoft Office Software
                   Microsoft Office Compatibility Pack Service Pack 2
                   Microsoft Office Compatibility Pack Service Pack 3
Publisher:         Microsoft
Operating System:  Windows
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0183  

Original Bulletin: 
   http://technet.microsoft.com/en-us/security/bulletin/MS12-029

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS12-029 - Critical
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

Published: Tuesday, May 08, 2012

Version: 1.0
General Information
Executive Summary

This security update resolves a privately reported vulnerability in Microsoft 
Office. The vulnerability could allow remote code execution if a user opens a 
specially crafted RTF file. An attacker who successfully exploited the 
vulnerability could gain the same user rights as the current user. Users whose 
accounts are configured to have fewer user rights on the system could be less 
impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported editions of Microsoft 
Word 2007. This security update is also rated Important for all supported 
editions of Microsoft Word 2003, Microsoft Office 2008 for Mac, and Microsoft 
Office for Mac 2011; and all supported versions of Microsoft Office 
Compatibility Pack. For more information, see the subsection, Affected and 
Non-Affected Software, in this section.

Affected Software

Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2007 Service Pack 3
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 2 [1]
Microsoft Word 2007 Service Pack 3 [1]
Microsoft Office for Mac
Microsoft Office 2008 for Mac
Microsoft Office for Mac 2011
Other Microsoft Office Software
Microsoft Office Compatibility Pack Service Pack 2
Microsoft Office Compatibility Pack Service Pack 3

[1] For Microsoft Word 2007, in addition to security update package KB2596917,
customers also need to install the security update for Microsoft Office 
Compatibility Pack (KB2596880) to be protected from the vulnerability described 
in this bulletin.

Vulnerability Information

RTF Mismatch Vulnerability - CVE-2012-0183

A remote code execution vulnerability exists in the way that affected Microsoft 
Office software parses specially crafted Rich Text Format (RTF) data. An 
attacker who successfully exploited this vulnerability could take complete 
control of an affected system. An attacker could then install programs; view, 
change, or delete data; or create new accounts with full user rights. Users 
whose accounts are configured to have fewer user rights on the system could be 
less impacted than users who operate with administrative user rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities and 
Exposures list, see CVE-2012-0183.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBT6m21+4yVqjM2NGpAQIUuQ/+LO26u15+FvSp52u9LcHxhQ9OvmmV3Ucm
BU1sVMYD89bwS1KklFLLtr+DMfj2drXkdajnRsqgH2m3omusHYz3onDu3hZG9nde
7SWoxg822grSlxycPQCBElV6Q9m1B9kJHzAf5YZdU8y6vuQVDmFB215rkdI6fhmE
UJeEDq9lx3n7XG7qy3ZeIF9ruGJRNuOHNw6kuQGHtFKF5LlEqOmDUC/o/VY7PA9C
iqxqhIHc8reG7oE1vg1MI54iSGlGV/y0bi/wqb2DcX85kC3HFWWARDpjjI2FS0/t
cRbBY56EoQE/HI8VKEcUZVXWVF6L20guTPbXSHIN0OQrI+9kyvHi58WVzG+BxrtP
V2F8fE8il4mEv+D+t0KCBMjRV8y9X0ckVWU5XpqH9yucJSX7j0m6hXb7aM70Bnm6
8enhdGrDqinUwqTGmiVKFFN3ACzA3ue+ExJvf9mHwu74ECpsez4d9gC+gmTilL+X
YC+sOM9GvS43qWjxbeW7KxjcINcfuURkdyLJq1T46PtWWp64H631buWmPiByG+dE
wJavBHAkPx3i/R4rPrRkSh2oko/E0cJCp63uW32be4h0lECHIxKjvL4QYdOrh9rQ
ukRNJQLcoiPOKcPSQs1TH6daOvPDZWzik6VgpJanuhr36v3LTvCVf7WeQpL1Z8dZ
iywHIz8PrDk=
=vBiF
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1980&it=15806