Oval Definition:oval:org.mitre.oval:def:15680
Revision Date:2014-06-30Version:26
Title:RTF File listid Use-After-Free Vulnerability - MS12-064
Description:Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-2528
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft SharePoint Server 2010
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Definition Synopsis
  • Word viewer or Word 2k3 and vulnerable file
  • Microsoft Word 2003 is installed
  • AND Check if the version of wordview.exe is less than 11.0.8348
  • AND Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wordview.exe!Path exists
  • OR Word 2007 and vulnerable file
  • Word 2k7 SP2 / SP3
  • Microsoft Word 2007 SP2 is installed
  • OR Microsoft Word 2007 SP3 is installed
  • AND Check if the version of Winword.exe is less than 12.0.6662.5003
  • OR Compatibility pack and vulnerable file
  • Office Compatibility pack SP2 / SP3
  • Microsoft Office Compatibility Pack SP2 is installed
  • OR Microsoft Office Compatibility Pack SP3 is installed
  • AND Check if the version of Wordcnv.dll is less than 12.0.6662.5003
  • OR Sharepoint server 2010 and vulnerable file
  • Check if the version of Msoserver.Dll is less than 14.0.6123.5001
  • AND Microsoft SharePoint Server 2010 Service Pack 1 is installed
  • OR Office Web Apps 2010 and vulnerable file
  • Check if the version of Msoserver.Dll is less than 14.0.6123.5001
  • AND Microsoft Office Web Apps 2010 Service Pack 1 is installed
  • OR Word 2010 and vulnerable file
  • Check if the version of winword.exe is less than 14.0.6123.5005
  • AND Microsoft Word 2010 SP1 is installed
  • OR Word 2003 SP3 and vulnerable file
  • Microsoft Word 2003 SP3 is installed
  • AND Check if the version of winword.exe is less than 11.0.8348
    • BACK