Home

CVE-2012-0217

Description

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

Risk Information

Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
88.004

Associated Vulnerability

VulnerabilityOS Platform
Security Update for Windows XP (KB2707511)Windows
Security Update for Windows Server 2003 (KB2707511)Windows
Security Update for Windows 7 for x64-based Systems (KB2709715)Windows
Security Update for Windows 7 for x64-based Systems (KB2709715) for SP1Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB2709715)Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB2709715) for SP1Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 6.0Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 6.0.2Windows
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-0217)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-12096Security Update for Windows Server 2003 (KB2707511)
PATCH-12097Security Update for Windows 7 for x64-based Systems (KB2709715)
PATCH-12098Security Update for Windows 7 for x64-based Systems (KB2709715)
PATCH-12099Security Update for Windows Server 2008 R2 x64 Edition (KB2709715)
PATCH-12100Security Update for Windows Server 2008 R2 x64 Edition (KB2709715)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234