CVE-2012-0001 — Microsoft Windows Server 2008 vulnerability

6 documents5 sources

Severity

9.3CRITICALNVD

CISA7.8

EPSS

51.2%

top 2.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedJan 10

Latest updateMay 4

Description

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-9563-jv23-5rh9: The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP↗2022-05-04

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 2.0.3 - '.png' ReadAV Crash (PoC)↗2012-10-11

▶

Exploit-DB

JPEGsnoop 1.5.2 - WriteAV Crash (PoC)↗2012-10-04

▶

📋Vendor Advisories

CISA

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability↗2022-03-03

▶

💬Community

Bugzilla

CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement↗2012-03-09

▶