Lucene search

K

[email protected]NVD:CVE-2012-0165

HistoryMay 09, 2012 - 12:55 a.m.

CVE-2012-0165

2012-05-0900:55:01

CWE-20

[email protected]

web.nvd.nist.gov

4

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.652

Percentile

97.9%

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka “GDI+ Record Type Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2003sp3

OR

microsoftofficeMatch2007sp2

OR

microsoftofficeMatch2007sp3

OR

microsoftofficeMatch2010

OR

microsoftofficeMatch2010sp1

OR

microsoftwindows_server_2008Match-sp2

OR

microsoftwindows_vistaMatch-sp2

References

secunia.com/advisories/49121

www.securityfocus.com/bid/53347

www.securitytracker.com/id?1027038

www.us-cert.gov/cas/techalerts/TA12-129A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034

exchange.xforce.ibmcloud.com/vulnerabilities/75125

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.652

Percentile

97.9%

Related for NVD:CVE-2012-0165

cve1 seebug1 prion1 cvelist1 symantec1 checkpoint_advisories1 openvas2 mskb1 nessus1 securityvulns1