Vulnerability Name: CVE-2012-0159 (CCN-75124) Assigned: 2011-12-13 Published: 2012-05-08 Updated: 2018-10-12 Summary: Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-399 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2012-0159 Microsoft Lync / Office Communicator Multiple Vulnerabilities Microsoft Windows Multiple Vulnerabilities Microsoft Office Multiple Vulnerabilities 49121 Microsoft Silverlight Multiple Vulnerabilities 49122 Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Vulnerabilities in Lync Could Allow Remote Code Execution (2707956) Vulnerabilities in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184) Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818) Vulnerability in Lync Could Allow Remote Code Execution (2834695) Vulnerability in Windows Components Could Allow Remote Code Execution (2848295) Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300) Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Vulnerability in Microsoft Lync Could Allow Information Disclosure Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (3000431) Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Security Update for Microsoft Office to Address Remote Code Execution (3116111) Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Security Update for Microsoft Office to Address Remote Code Execution (3134226) Security Update for Microsoft Office to Address Remote Code Execution (3141806) Security Update for Microsoft Office (3148775) Security Update for Microsoft Office (3155544) Security Update for Office (3163610) Security Updates for Office (3170008) Security Update for Office (3177451) Security Update for Microsoft Office (3185852) Security Update for Microsoft Office (3194063) Security Update for Microsoft Office (3199168) Security Update for Microsoft Office (3204068) Security Update for Microsoft Office (3214291) Security Update for Microsoft Graphics Component (4013075) Security Update for Microsoft Office (4013241) 53335 Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability 1027039 TA12-129A TA12-164A MS12-034 MS12-039 microsoft-truetype-code-exec(75124) microsoft-truetype-code-exec(75124) oval:org.mitre.oval:def:15388 oval:org.mitre.oval:def:15667 Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel) Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:office:2003:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x64:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:* OR cpe:/o:microsoft:windows_8:consumer_preview:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:silverlight:4.0.50401.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:4.1.10111.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0.60401.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0.60818.0:rc:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0.61118.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:* OR cpe:/a:microsoft:office:2003:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010::x32:*:*:*:*:* OR cpe:/a:microsoft:office:2010::x64:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/a:microsoft:silverlight:4.0.50401.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp1:x32:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp1:x64:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:attendee:*:*:*:*:* Oval Definitions BACK
microsoft office 2003 sp3
microsoft office 2007 sp2
microsoft office 2007 sp3
microsoft office 2010
microsoft office 2010 sp1
microsoft windows 7 *
microsoft windows 7 - sp1
microsoft windows 7 - sp1
microsoft windows 8 consumer_preview
microsoft windows server 2008 * sp2
microsoft windows server 2008 r2
microsoft windows server 2008 r2 sp1
microsoft windows vista - sp2
microsoft windows xp * sp2
microsoft windows xp * sp3
microsoft silverlight 4.0.50401.0
microsoft silverlight 4.0.50524.00
microsoft silverlight 4.0.50826.0
microsoft silverlight 4.0.50917.0
microsoft silverlight 4.0.51204.0
microsoft silverlight 4.0.60129.0
microsoft silverlight 4.0.60310.0
microsoft silverlight 4.0.60531.0
microsoft silverlight 4.0.60831.0
microsoft silverlight 4.1.10111.0
microsoft silverlight 5.0.60401.0
microsoft silverlight 5.0.60818.0 rc
microsoft silverlight 5.0.61118.0
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows xp sp2
microsoft office 2003 sp3
microsoft windows server 2008 -
microsoft windows xp sp3
microsoft office 2007 sp2
microsoft windows vista - sp2
microsoft windows vista - sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows 7 -
microsoft windows server 2008 - r2
microsoft windows server 2008 r2
microsoft windows server 2008
microsoft .net framework 3.5.1
microsoft office 2010
microsoft office 2010
microsoft .net framework 4.0
microsoft windows 7 - sp1
microsoft windows 7 - sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft silverlight 4.0.50401.0
microsoft .net framework 3.0 sp2
microsoft office 2010 sp1
microsoft office 2010 sp1
microsoft office 2007 sp3
microsoft silverlight 5.0
microsoft lync 2010
microsoft lync 2010
Denotes that component is vulnerable