CVE-2012-2897

HIGH

Microsoft Windows < - Memory Corruption

Title source: llm
STIX 2.1

Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78822
Various Sources third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027750
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51239

Scores

CVSS v3 7.8
EPSS 0.2169
EPSS Percentile 97.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-119
Status published
Products (50)
google/chrome 22.0.1229.0
google/chrome 22.0.1229.1
google/chrome 22.0.1229.2
google/chrome 22.0.1229.3
google/chrome 22.0.1229.4
google/chrome 22.0.1229.6
google/chrome 22.0.1229.7
google/chrome 22.0.1229.8
google/chrome 22.0.1229.9
google/chrome 22.0.1229.10
... and 40 more
Published Sep 26, 2012
Tracked Since Feb 18, 2026