← Back

CVE-2012-2528

nvd nist
Published: Oct 9, 2012Modified: Apr 29, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."

Affected (9)

Microsoft
5 products
Word Automation Services
Office Compatibility Pack
Office Web Apps
Word
Word Viewer
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Word Automation Services
All versions
Running on/withPlatform Versions
Microsoft
Sharepoint Server
Version 2010
Configuration B
8 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Office Compatibility Pack
All versions
Office Compatibility Pack
All versions
Office Web Apps
Version 2010 sp1
Microsoft
Word
Version 2003 sp3
Word
Version 2007 sp2
Word
Version 2007 sp3
Word
Version 2010 sp1
Word Viewer
All versions

Related CWEs

CWE-399
CWE-399

References (8)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryUS Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.