CVE-2012-0159

CWE-3994 documents4 sources

Severity

9.3CRITICAL

EPSS

64.6%

top 1.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Silverlight Microsoft Windows 8 +1 more

Timeline

PublishedMay 9

Latest updateMay 4

Description

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_8consumer_preview

▶NVDmicrosoft/silverlight13 versions+12

▶NVDmicrosoft/office2003, 2007, 2010+2

🔴Vulnerability Details

GHSA

GHSA-m7wq-qxgm-cqgm: Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Win↗2022-05-04

▶

CVEList

CVE-2012-0159: Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Win↗2012-05-09

▶

VulnCheck

Microsoft Windows TrueType Font Parsing Vulnerability Remote Code Execution↗2012

▶