Home / bulletins MS12-046 - Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) - Version: 2.0
Posted on 13 November 2012
ImportantSeverity Rating: Important
Revision Note: V2.0 (November 13, 2012): Rereleased bulletin to replace the KB2598361 update with the KB2687626 update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details.
Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Other versions
- MS12-046 - Version: 1.0
- MS12-046 - Version: 2.0
