Lucene search

K

[email protected]NVD:CVE-2012-0159

HistoryMay 09, 2012 - 12:55 a.m.

CVE-2012-0159

2012-05-0900:55:01

CWE-399

[email protected]

web.nvd.nist.gov

3

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.704

Percentile

98.1%

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka “TrueType Font Parsing Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2003sp3

OR

microsoftofficeMatch2007sp2

OR

microsoftofficeMatch2007sp3

OR

microsoftofficeMatch2010

OR

microsoftofficeMatch2010sp1

OR

microsoftwindows_7

OR

microsoftwindows_7Match-sp1x64

OR

microsoftwindows_7Match-sp1x86

OR

microsoftwindows_8Matchconsumer_preview

OR

microsoftwindows_server_2008sp2

OR

microsoftwindows_server_2008Matchr2

OR

microsoftwindows_server_2008Matchr2sp1

OR

microsoftwindows_vistaMatch-sp2

OR

microsoftwindows_xpsp2

OR

microsoftwindows_xpsp3

Node

microsoftsilverlightMatch4.0.50401.0

OR

microsoftsilverlightMatch4.0.50524.00

OR

microsoftsilverlightMatch4.0.50826.0

OR

microsoftsilverlightMatch4.0.50917.0

OR

microsoftsilverlightMatch4.0.51204.0

OR

microsoftsilverlightMatch4.0.60129.0

OR

microsoftsilverlightMatch4.0.60310.0

OR

microsoftsilverlightMatch4.0.60531.0

OR

microsoftsilverlightMatch4.0.60831.0

OR

microsoftsilverlightMatch4.1.10111.0

OR

microsoftsilverlightMatch5.0.60401.0

OR

microsoftsilverlightMatch5.0.60818.0rc

OR

microsoftsilverlightMatch5.0.61118.0

References

secunia.com/advisories/49121

secunia.com/advisories/49122

www.securityfocus.com/bid/53335

www.securitytracker.com/id?1027039

www.us-cert.gov/cas/techalerts/TA12-129A.html

www.us-cert.gov/cas/techalerts/TA12-164A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039

exchange.xforce.ibmcloud.com/vulnerabilities/75124

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.704

Percentile

98.1%

Related for NVD:CVE-2012-0159

symantec1 cvelist1 seebug1 prion1 securityvulns3 cve1 checkpoint_advisories1 zdi1 openvas6 kaspersky1 nessus3 mskb1