CVE-2012-0167Improper Input Validation in Microsoft Office

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
64.5%
top 1.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedMay 9
Latest updateMay 4

Description

Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office2003, 2007+1

🔴Vulnerability Details

1
GHSA
GHSA-8v2x-wq4g-x3vj: Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary c2022-05-04

🕵️Threat Intelligence

1
Zscaler
Zscaler Protects against Microsoft's Patch Cycle | Round 9
CVE-2012-0167 — Improper Input Validation in Microsoft | cvebase