CVE-2012-0167

EPSS 65.94%
Published 09.05.2012 00:55:01
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Version2007 Updatesp2

Microsoft ≫ Office Version2007 Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	65.94%	0.983

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/49121

http://www.us-cert.gov/cas/techalerts/TA12-129A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034

http://www.securitytracker.com/id?1027038

http://www.securityfocus.com/bid/53351

https://exchange.xforce.ibmcloud.com/vulnerabilities/75126

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15628

https://nvd.nist.gov/vuln/detail/CVE-2012-0167

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0167

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0167

EUVD