CVE-2012-0150 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows Server 2008

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

59.8%

top 1.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedFeb 14

Latest updateMay 4

Description

Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-qjm6-qmv8-v7pg: Buffer overflow in msvcrt↗2022-05-04

▶

📋Vendor Advisories

Red Hat

kernel: excessive in kernel CPU consumption when creating large nested epoll structures↗2011-02-25

▶

🕵️Threat Intelligence

Zscaler

Zscaler Protects against Microsoft's Patch Cycle | Round 12↗

▶