CVE-2012-0150
published 2012-02-14CVE-2012-0150: Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to…
PriorityP357critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
24.27%
97.6th percentile
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat4.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qjm6-qmv8-v7pg: Buffer overflow in msvcrt
ghsa_unreviewed·2022-05-04
CVE-2012-0150 [HIGH] CWE-119 GHSA-qjm6-qmv8-v7pg: Buffer overflow in msvcrt
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
Red Hat
kernel: excessive in kernel CPU consumption when creating large nested epoll structures
vendor_redhat·2011-02-25·CVSS 4.9
CVE-2011-1083 [MEDIUM] kernel: excessive in kernel CPU consumption when creating large nested epoll structures
kernel: excessive in kernel CPU consumption when creating large nested epoll structures
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Statement: This issue affected the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0150 and RHSA-2012:0862 respectively. There is no plan to address this flaw in Red Hat Enterprise Linux 4. Future updates may address this issue in Red Hat Enterprise MRG.
Package: kernel (Red Hat Enterprise Linux 4) - Will not
No detection rules found.
No public exploits indexed.
http://www.us-cert.gov/cas/techalerts/TA12-045A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-013https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14631http://www.us-cert.gov/cas/techalerts/TA12-045A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-013https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14631
2012-02-14
Published