CVE-2012-0152

Microsoft Windows 7 - Improper Input Validation

Title source: rule

Description

The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."

Exploits (1)

nomisec WORKING POC

by rutvijjethwa · poc

https://github.com/rutvijjethwa/RDP_jammer

View Code ZIP pw:eip

References (5)

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-020

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026790

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52354

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14626

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA12-073A.html

Scores

EPSS 0.8539

EPSS Percentile 99.4%

Details

CWE

CWE-20

Status published

Products (2)

microsoft/windows_7 (4 CPE variants)

microsoft/windows_server_2008 r2 (2 CPE variants)

Published Mar 13, 2012

Tracked Since Feb 18, 2026