Advisory Details

November 15th, 2012

Microsoft Office 2007 RTF Mismatch Remote Code Execution Vulnerability

ZDI-12-186
ZDI-CAN-1402

CVE ID CVE-2012-0183
CVSS SCORE 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Office
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['12309']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.

ADDITIONAL DETAILS Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://technet.microsoft.com/en-us/security/bulletin/ms12-029
DISCLOSURE TIMELINE
  • 2011-11-29 - Vulnerability reported to vendor
  • 2012-11-15 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES