CVE-2012-0165Improper Input Validation in Microsoft Office

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
62.1%
top 1.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedMay 9
Latest updateMay 4

Description

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office2003, 2007, 2010+2

🔴Vulnerability Details

1
GHSA
GHSA-vjg7-x55q-x9jv: GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record2022-05-04

🕵️Threat Intelligence

1
Zscaler
Zscaler Protects against Microsoft's Patch Cycle | Round 9
CVE-2012-0165 — Improper Input Validation in Microsoft | cvebase