ID CVE-2012-1867
Summary Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 2003 Server Service Pack 2
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2
  • Microsoft Windows 2003 Server Service Pack 2 Itanium
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium
  • cpe:2.3:o:microsoft:windows_7:-:x86
    cpe:2.3:o:microsoft:windows_7:-:x86
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Windows Server 2008 R2 for Itanium-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:r2:itanium
  • Windows Server 2008 R2 for x64-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:r2:x64
  • Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64
  • Windows Server 2008 Service Pack 2 x86
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86
  • Microsoft Windows Server 2008 Service Pack 2 for Itanium-Based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium
  • Microsoft Windows Server 2008 r2 Service Pack 1 Itanium
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium
  • Microsoft Windows Server 2008 R2 Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows XP Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64
CVSS
Base: 7.2 (as of 13-06-2012 - 09:11)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS12-041
bulletin_url
date 2012-06-12T00:00:00
impact Elevation of Privilege
knowledgebase_id 2709162
knowledgebase_url
severity Important
title Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS12-041.NASL
description The remote Windows host is affected by several vulnerabilities in the Kernel-Mode drivers that could allow elevation of privilege : - Flaws in the way the Windows kernel-mode drivers manage driver objects could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1864, CVE-2012-1865, CVE-2012-1866) - Windows kernel-mode drivers do not properly allocate memory when handling fonts, which could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1867) - A race condition exists in the way that the kernel deals with specific thread creation attempts. This could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1868)
last seen 2019-02-21
modified 2018-11-15
plugin id 59459
published 2012-06-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=59459
title MS12-041: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
oval via4
accepted 2013-05-06T04:01:31.503-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Sharath S
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6150
  • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6216
  • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5653
  • comment Microsoft Windows 7 is installed
    oval oval:org.mitre.oval:def:12541
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12583
  • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12567
  • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12292
  • comment Microsoft Windows 7 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12627
description Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:15510
status accepted
submitted 2012-06-18T13:31:23
title Font Resource Refcount Integer Overflow Vulnerability (CVE-2012-1867)
version 71
refmap via4
cert TA12-164A
ms MS12-041
Last major update 06-03-2013 - 23:53
Published 12-06-2012 - 18:55
Last modified 26-02-2019 - 09:04
Back to Top