====================================================================

                             CERT-Renater

                  Note d'Information No. 2012/VULN398
____________________________________________________________________

DATE                : 10/10/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Microsoft Works version 9.

======================================================================
KB2754670
http://technet.microsoft.com/en-us/security/bulletin/MS12-065
______________________________________________________________________


Microsoft Security Bulletin MS12-065 - Important Vulnerability in
Microsoft Works Could Allow Remote Code Execution (KB2754670)

Published Date: October 9, 2012

Version: 1.0


General Information

Executive Summary

This security update resolves a privately reported vulnerability in
Microsoft Works. The vulnerability could allow remote code execution if
a user opens a specially crafted Microsoft Word file using Microsoft
Works. An attacker who successfully exploited this vulnerability could
gain the same user rights as the current user. Users whose accounts are
configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.

This security update is rated Important for Microsoft Works 9. For more
information, see the subsection, Affected and Non-Affected Software, in
this section.


Affected Software

Microsoft Works 9

Works Heap Vulnerability - CVE-2012-2550
A remote code execution vulnerability exists in the way that affected
versions of Microsoft Works parse specially crafted Word files. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full
user rights. Users whose accounts are configured to have fewer user
rights on the system could be less impacted
than users who operate with administrative user rights.



======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================