Lucene search
AnonymousZDI-12-201HistoryDec 21, 2012 - 12:00 a.m.
Microsoft Office Word PAPX Section Remote Code Execution Vulnerability
2012-12-2100:00:00
Anonymous
www.zerodayinitiative.com
19
EPSS
0.869
Percentile
98.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a PAPX FKP sections. When parsing a PAPX FKP section, the application will store a calculation. However, when repairing a damaged document, the application will explicitly trust this calculation in a loop that is used to index into an array of objects. This will allow for an out-of-bounds access of an object which can lead to code execution under the context of the application.
Related
prion
prion
Memory corruption
2012-10-09 21:55:00
seebug
seebug
Microsoft Word PAPXθη ΄εθΏη¨δ»£η ζ§θ‘ζΌζ΄οΌMS12-064οΌ
2012-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2012-0182
2012-10-09 21:00:00
cve
cve
CVE-2012-0182
2012-10-09 21:55:00
nvd
nvd
CVE-2012-0182
2012-10-09 21:55:00
openvas
openvas
Microsoft Office Word Remote Code Execution Vulnerabilities (2742319)
2012-10-10 00:00:00
securityvulns
securityvulns
Microsoft Word security vulnerabilities
2012-10-09 00:00:00
nessus
nessus
mskb
mskb