ID CVE-2012-0159
Summary Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
References
Vulnerable Configurations
  • Microsoft Office 2003 Service Pack 3
    cpe:2.3:a:microsoft:office:2003:sp3
  • Microsoft Office 2007 Service Pack 2
    cpe:2.3:a:microsoft:office:2007:sp2
  • Microsoft Office 2007 Service Pack 3
    cpe:2.3:a:microsoft:office:2007:sp3
  • Microsoft Office 2010
    cpe:2.3:a:microsoft:office:2010
  • Microsoft Office 2010 Service Pack 1
    cpe:2.3:a:microsoft:office:2010:sp1
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Windows 8 Consumer Preview
    cpe:2.3:o:microsoft:windows_8:consumer_preview
  • Microsoft Windows Server 2008 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  • Microsoft Windows Server 2008 R2
    cpe:2.3:o:microsoft:windows_server_2008:r2
  • Microsoft Windows Server 2008 R2 Service Pack 1
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Silverlight 4.0.50401.0
    cpe:2.3:a:microsoft:silverlight:4.0.50401.0
  • Microsoft Silverlight 4.0.50524.00
    cpe:2.3:a:microsoft:silverlight:4.0.50524.00
  • Microsoft Silverlight 4.0.50826.0
    cpe:2.3:a:microsoft:silverlight:4.0.50826.0
  • Microsoft Silverlight 4.0.50917.0
    cpe:2.3:a:microsoft:silverlight:4.0.50917.0
  • Microsoft Silverlight 4.0.51204.0
    cpe:2.3:a:microsoft:silverlight:4.0.51204.0
  • Microsoft Silverlight 4.0.60129.0
    cpe:2.3:a:microsoft:silverlight:4.0.60129.0
  • Microsoft Silverlight 4.0.60310.0
    cpe:2.3:a:microsoft:silverlight:4.0.60310.0
  • Microsoft Silverlight 4.0.60531.0
    cpe:2.3:a:microsoft:silverlight:4.0.60531.0
  • Microsoft Silverlight 4.0.60831.0
    cpe:2.3:a:microsoft:silverlight:4.0.60831.0
  • Microsoft Silverlight 4.1.10111.0
    cpe:2.3:a:microsoft:silverlight:4.1.10111.0
  • Microsoft Silverlight 5.0.60401.0
    cpe:2.3:a:microsoft:silverlight:5.0.60401.0
  • Microsoft Silverlight 5.0.60818.0
    cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc
  • Microsoft Silverlight 5.0.61118.0
    cpe:2.3:a:microsoft:silverlight:5.0.61118.0
CVSS
Base: 9.3 (as of 09-05-2012 - 10:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS12-034
bulletin_url
date 2012-05-08T00:00:00
impact Remote Code Execution
knowledgebase_id 2681578
knowledgebase_url
severity Critical
title Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS12-034.NASL
    description The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data. (CVE-2011-3402) - A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159) - A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162) - A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2012-0164) - A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165) - A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167) - A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0180) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 59042
    published 2012-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59042
    title MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS12-039.NASL
    description The remote Windows host is potentially affected by the following vulnerabilities : - Multiple code execution vulnerabilities exist in the handling of specially crafted TrueType font files. (CVE-2011-3402, CVE-2012-0159) - An insecure library loading vulnerability exists in the way that Microsoft Lync handles the loading of DLL files. (CVE-2012-1849) - An HTML sanitization vulnerability exists in the way that HTML is filtered. (CVE-2012-1858)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 59457
    published 2012-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59457
    title MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_MS12-034.NASL
    description The version of Microsoft Silverlight installed on the remote host is reportedly affected by several vulnerabilities : - Incorrect handling of TrueType font (TTF) files could lead to arbitrary code execution. (CVE-2011-3402 / CVE-2012-0159) - A double-free condition leading to arbitrary code execution could be triggered when rendering specially crafted XAML glyphs. (CVE-2012-0176)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 59045
    published 2012-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59045
    title MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) (Mac OS X)
oval via4
  • accepted 2015-08-10T04:00:18.274-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Josh Turpin
      organization Symantec Corporation
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Shane Shaffer
      organization G2, Inc.
    • name Sharath S
      organization SecPod Technologies
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows 7 (32-bit) is installed
      oval oval:org.mitre.oval:def:6165
    • comment Microsoft Windows 7 x64 Edition is installed
      oval oval:org.mitre.oval:def:5950
    • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval oval:org.mitre.oval:def:6438
    • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12292
    • comment Microsoft Windows 7 x64 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12627
    • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12567
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows 7 (32-bit) is installed
      oval oval:org.mitre.oval:def:6165
    • comment Microsoft Windows 7 x64 Edition is installed
      oval oval:org.mitre.oval:def:5950
    • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval oval:org.mitre.oval:def:6438
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval oval:org.mitre.oval:def:5954
    • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12292
    • comment Microsoft Windows 7 x64 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12627
    • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12567
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12583
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows 7 (32-bit) is installed
      oval oval:org.mitre.oval:def:6165
    • comment Microsoft Windows 7 x64 Edition is installed
      oval oval:org.mitre.oval:def:5950
    • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval oval:org.mitre.oval:def:6438
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval oval:org.mitre.oval:def:5954
    • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12292
    • comment Microsoft Windows 7 x64 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12627
    • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12567
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:12583
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Silverlight 4 is installed
      oval oval:org.mitre.oval:def:14639
    • comment Microsoft Silverlight 5 is installed
      oval oval:org.mitre.oval:def:15148
    • comment Microsoft Office 2003 is installed
      oval oval:org.mitre.oval:def:233
    • comment Microsoft Office 2007 is installed
      oval oval:org.mitre.oval:def:1211
    • comment Microsoft Office 2010 is installed
      oval oval:org.mitre.oval:def:12061
    description Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:15388
    status accepted
    submitted 2012-05-08T13:00:00
    title TrueType Font Parsing Vulnerability (CVE-2012-0159)
    version 106
  • accepted 2014-08-18T04:01:22.478-04:00
    class vulnerability
    contributors
    • name SecPod Team
      organization SecPod Technologies
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Lync 2010 is installed
      oval oval:org.mitre.oval:def:15099
    • comment Microsoft Lync 2010 Attendee (user level install) is installed
      oval oval:org.mitre.oval:def:15641
    • comment Microsoft Lync 2010 Attendee (admin level install) is installed
      oval oval:org.mitre.oval:def:15556
    description Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:15667
    status accepted
    submitted 2012-06-18T15:13:15
    title TrueType Font Parsing Vulnerability (CVE-2012-0159)
    version 13
refmap via4
bid 53335
cert
  • TA12-129A
  • TA12-164A
ms
  • MS12-034
  • MS12-039
sectrack 1027039
secunia
  • 49121
  • 49122
xf microsoft-truetype-code-exec(75124)
Last major update 06-03-2013 - 23:50
Published 08-05-2012 - 20:55
Last modified 12-10-2018 - 18:02
Back to Top