CVE-2012-4786 — Code Injection in Microsoft Windows 7

CWE-94 — Code Injection4 documents3 sources

Severity

10.0CRITICALNVD

EPSS

55.3%

top 1.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 7 Microsoft Windows Server 2008

Timeline

PublishedDec 12

Latest updateMay 14

Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_7gold

🔴Vulnerability Details

GHSA

GHSA-p283-83gq-48jq: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Wind↗2022-05-14

▶

📋Vendor Advisories

Cisco

Cisco IOS Software Smart Install Denial of Service Vulnerability↗2012-03-28

▶

Cisco

Cisco IOS Software Smart Install Denial of Service Vulnerability↗

▶