CVE-2012-0004
Published 2012-01-10
Priority P260, critical, 9.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 22.55% (97.4th percentile)
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_xp | — | — |
No detection rules found.
No public exploits indexed.
Zscaler
Zscaler Protects against Microsoft's Patch Cycle | Round 13
blogs_zscaler·CVSS 8.1
[HIGH] Zscaler Protects against Microsoft's Patch Cycle | Round 13
Bugzilla
CVE-2012-6100 moodle: Information leak through activity report (MSA-13-0004)
bugzilla·2013-01-22·CVSS 4.0
CVE-2012-6100 [MEDIUM] CVE-2012-6100 moodle: Information leak through activity report (MSA-13-0004)
A security flaw was found in the way Moodle, a course management system, enforced hidden field requirement on the last access item of the Activity report. When a last access item was requested to be hidden, it was still displayed in the Activity Report.
References:
[1] http://www.openwall.com/lists/oss-security/2013/01/21/1
Relevant upstream patch:
[2] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340
Discussion:
This issue did NOT affect the versions of the moodle package, as shipped with Fedora release of 16, 17, 18, and Fedora EPEL 6 (those moodle package versions are already updated and contain the fix).
--
This issue affects the version of the moodle package, as shipped with F
http://secunia.com/advisories/47485
http://www.securityfocus.com/bid/51295
http://www.securitytracker.com/id?1026492
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832