9.3 - CVE-2012-0177

Executive Summary

Informations
Name	CVE-2012-0177	First vendor Publication	2012-04-10
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0177

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15598

Oval ID:	oval:org.mitre.oval:def:15598
Title:	Office WPS Converter Heap Overflow Vulnerability
Description:	Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0177	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft Office 2007 Microsoft Works 9 Microsoft Works 6-9 Converter
Definition Synopsis:
Vulnerable Microsoft Office 2007, Microsoft Works 9, Microsoft Works 6-9 File Converter Microsoft Office 2007 SP2 is installed AND Microsoft Works 9.0 is installed AND Microsoft Works 6-9 File Converter is installed AND the version of Works632.cnv is less than 9.011.0707.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Office cpe:2.3:a:microsoft:office:2007:sp2::::::	1
Application	Microsoft Works cpe:2.3:a:microsoft:works:9.0:::::::*	1
Application	Microsoft Works 6-9 File Converter cpe:2.3:a:microsoft:works_6-9_file_converter:-:::::::*	1

OpenVAS Exploits

Date	Description
2012-04-11	Name : Microsoft Office Remote Code Execution Vulnerability (2639185) File : nvt/secpod_ms12-028.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2012-04-12	IAVM : 2012-B-0041 - Microsoft Office Works File Convertor Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031984

Snort® IPS/IDS

Date	Description
2015-01-06	Microsoft Works 9 and Word 12 converter heap overflow attempt RuleID : 32644 - Revision : 2 - Type : FILE-OFFICE
2015-01-06	Microsoft Works 9 and Word 12 converter heap overflow attempt RuleID : 32643 - Revision : 2 - Type : FILE-OFFICE
2014-01-10	Microsoft Works 9 and Word 12 converter heap overflow attempt RuleID : 21935 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	Microsoft Works 9 and Word 12 converter heap overflow attempt RuleID : 21794 - Revision : 8 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date	Description
2012-04-11	Name : The remote Windows host could allow arbitrary code execution. File : smb_nt_ms12-028.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://osvdb.org/81134
http://secunia.com/advisories/48723
http://www.securityfocus.com/bid/52867
http://www.securitytracker.com/id?1026910
http://www.securitytracker.com/id?1026911
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:02:17	Multiple Updates
2024-11-28 12:28:26	Multiple Updates
2021-05-04 12:18:58	Multiple Updates
2021-04-22 01:22:42	Multiple Updates
2020-05-23 00:32:36	Multiple Updates
2018-10-13 05:18:34	Multiple Updates
2017-09-19 09:25:07	Multiple Updates
2016-06-28 18:58:33	Multiple Updates
2016-04-26 21:24:16	Multiple Updates
2015-01-06 21:48:42	Multiple Updates
2014-02-17 11:07:09	Multiple Updates
2014-01-19 21:28:22	Multiple Updates
2013-11-11 12:39:43	Multiple Updates
2013-10-03 21:20:27	Multiple Updates
2013-05-10 22:31:41	Multiple Updates
2013-03-07 13:19:43	Multiple Updates
2012-12-06 13:20:07	Multiple Updates
2012-11-20 13:22:25	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	3
Sources(s)	8
Openvas Exploit(s)	1
IAVM(s)	1
Snort® Rule(s)	4
Nessus® Exploit(s)	1

	Related
9.3	TA12-101A
9.3	MS12-028
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

9.3 - CVE-2012-0177

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU