Vulnerabilities in Microsoft Word Can Allow Remote Code Execution
( MS12-064, CVE-2012-2528, CVE-2012-0182 )
Two vulnerabilities have been discovered in Microsoft Word; one is ranked Critical in severity and the other is ranked High. Successful exploitation of either one could allow an attacker to execute malicious code on the system under attack. The Check Point IPS Software Blade provides immediate protection of unpatched systems.
The first vulnerability, "RTF File listid Use-after-free", concerns the way that Word handles specially crafted Rich Text Format (RTF) files. The second issue, "Word PAPX Section Corruption", is due to how Word handles specially crafted Word files. Successful exploitation could allow an attacker to take complete control of the targeted system.
In the case of the RTF vulnerability, the user does not need to explicitly open a malicious RTF file -- it can be triggered merely by having the preview pane enabled in Microsoft Office and then selecting (single-clicking) the file.
Check Point recommends deploying the update described in MS12-064 as soon as is practical. In the meantime, the Check Point IPS Software Blade provides protection for unpatched systems in the latest IPS update by detecting and blocking transferal of malformed RTF and Word files. For more information about the IPS updates and affected products, see CPAI-2012-629 and CPAI-2012-611.
Last Updated: 10-Oct-2012