Description
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78822
Various Sources third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027750
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=146254
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51239
Scores
CVSS v3
7.8
EPSS
0.2169
EPSS Percentile
97.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (50)
google/chrome
22.0.1229.0
google/chrome
22.0.1229.1
google/chrome
22.0.1229.2
google/chrome
22.0.1229.3
google/chrome
22.0.1229.4
google/chrome
22.0.1229.6
google/chrome
22.0.1229.7
google/chrome
22.0.1229.8
google/chrome
22.0.1229.9
google/chrome
22.0.1229.10
... and 40 more
Published
Sep 26, 2012
Tracked Since
Feb 18, 2026