fkie_cve-2012-0159
Vulnerability from fkie_nvd
Published
2012-05-09 00:55
Modified
2024-11-21 01:34
Severity ?
Summary
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
References
secure@microsoft.comhttp://secunia.com/advisories/49121
secure@microsoft.comhttp://secunia.com/advisories/49122
secure@microsoft.comhttp://www.securityfocus.com/bid/53335
secure@microsoft.comhttp://www.securitytracker.com/id?1027039
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA12-129A.htmlUS Government Resource
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA12-164A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/75124
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49121
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49122
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53335
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027039
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA12-129A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA12-164A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75124
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667
Impacted products
Vendor Product Version
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office 2010
microsoft office 2010
microsoft windows_7 *
microsoft windows_7 -
microsoft windows_7 -
microsoft windows_8 consumer_preview
microsoft windows_server_2008 *
microsoft windows_server_2008 r2
microsoft windows_server_2008 r2
microsoft windows_vista -
microsoft windows_xp *
microsoft windows_xp *
microsoft silverlight 4.0.50401.0
microsoft silverlight 4.0.50524.00
microsoft silverlight 4.0.50826.0
microsoft silverlight 4.0.50917.0
microsoft silverlight 4.0.51204.0
microsoft silverlight 4.0.60129.0
microsoft silverlight 4.0.60310.0
microsoft silverlight 4.0.60531.0
microsoft silverlight 4.0.60831.0
microsoft silverlight 4.1.10111.0
microsoft silverlight 5.0.60401.0
microsoft silverlight 5.0.60818.0
microsoft silverlight 5.0.61118.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F68DBEC-7A95-43B4-9174-79F89FC93BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9932C177-FCBB-4AD1-A42A-1FAB28F392F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8:consumer_preview:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C94582B-EDF8-42C6-B7FB-3E4BB42CBC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50401.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9949213D-177C-4CE7-98F2-54EDFDC9039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "6433FA3A-EC9C-42C5-95B2-80CF5D99574A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "064FDFCD-8DBA-4E10-9FFB-7415787653BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8B9EAD-2B3F-42D6-85DA-8473BE55EEA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8578CAED-BB11-46B9-B3D4-8BE343E887EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69C9378-4B0D-4BC4-BEA0-466DAFBF6C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B647E12-A0D3-4593-BAB4-4F6277C3CD99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E77ED71-B518-493E-9A55-B844B3A79803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02F225D-3990-4A17-879E-4CC54D98ACCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:4.1.10111.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A0B596D-0D19-48FE-84DA-A1D64BAA1DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:5.0.60401.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA0FEB3-5F4B-4B80-A1C8-C266FD94FAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "0988E68C-BB81-44B6-977E-33EF7EF6832B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:silverlight:5.0.61118.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4133E-7BC4-4CE7-B55A-BBB47DE51134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka \"TrueType Font Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, Windows 7 Gold y SP1, y Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Silverlight v4 anterior a v4.1.10329; y Silverlight v5 anterior a v5.1.10411 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de fuentes TrueType (TTF) manipulado, tambi\u00e9n conocido como \"Vulnerabilidad TrueType Font Parsing \""
    }
  ],
  "id": "CVE-2012-0159",
  "lastModified": "2024-11-21T01:34:29.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-09T00:55:01.380",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/49121"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/49122"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/53335"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1027039"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75124"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.