CVE-2012-0165
Microsoft Office and Windows GDI+ - Remote Code Execution via EMF Image Record Type
Title source: llmDescription
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49121
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75125
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53347
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027038
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-129A.html
Scores
EPSS
0.2520
EPSS Percentile
97.7%
Details
CWE
CWE-20
Status
published
Products (5)
microsoft/office
2003 sp3
microsoft/office
2007 sp2 (2 CPE variants)
microsoft/office
2010 (2 CPE variants)
microsoft/windows_server_2008
microsoft/windows_vista
Published
May 09, 2012
Tracked Since
Feb 18, 2026