CVE-2012-2897

2012-09-2610:56:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-2897

windows font parsing vulnerability

truetype font

memory vulnerability

remote code execution

nvd

google chrome

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.566 Medium

EPSS

Percentile

97.7%

JSON

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka “Windows Font Parsing Vulnerability” or “TrueType Font Parsing Vulnerability.”

CPENameOperatorVersion
google:chromegoogle chromele22.0.1229.78
google:chromegoogle chromeeq22.0.1229.0
google:chromegoogle chromeeq22.0.1229.1
google:chromegoogle chromeeq22.0.1229.2
google:chromegoogle chromeeq22.0.1229.3
google:chromegoogle chromeeq22.0.1229.4
google:chromegoogle chromeeq22.0.1229.6
google:chromegoogle chromeeq22.0.1229.7
google:chromegoogle chromeeq22.0.1229.8
google:chromegoogle chromeeq22.0.1229.9

CPE	Name	Operator	Version
google:chrome	google chrome	le	22.0.1229.78
google:chrome	google chrome	eq	22.0.1229.0
google:chrome	google chrome	eq	22.0.1229.1
google:chrome	google chrome	eq	22.0.1229.2
google:chrome	google chrome	eq	22.0.1229.3
google:chrome	google chrome	eq	22.0.1229.4
google:chrome	google chrome	eq	22.0.1229.6
google:chrome	google chrome	eq	22.0.1229.7
google:chrome	google chrome	eq	22.0.1229.8
google:chrome	google chrome	eq	22.0.1229.9