CVE Database · CVE-2012-2539
CVSS v3.1
7.8
EPSS
53.16%
Published
Dec 11, 2012
Modified
Apr 22, 2026
CISA Known Exploited Vulnerability
Added: 2022-03-28 · Due: 2022-04-18
Apply updates per vendor instructions.
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (9)
References (7)