CVE-2012-0165

EPSS 62.11%
Published 09.05.2012 00:55:01
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Version2007 Updatesp2

Microsoft ≫ Office Version2007 Updatesp3

Microsoft ≫ Office Version2010

Microsoft ≫ Office Version2010 Updatesp1

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ Windows Vista Version- Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	62.11%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/49121

http://www.us-cert.gov/cas/techalerts/TA12-129A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034

http://www.securityfocus.com/bid/53347

http://www.securitytracker.com/id?1027038

https://exchange.xforce.ibmcloud.com/vulnerabilities/75125

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621

https://nvd.nist.gov/vuln/detail/CVE-2012-0165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0165

EUVD