CVE-2012-2897
Description
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka Windows Font Parsing Vulnerability or TrueType Font Parsing Vulnerability.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
40.909
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows XP (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Server 2003 (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Vista (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Server 2008 (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows 7 (KB2761226) x86 based systems | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows 7 (KB2761226) x86 based systems for SP1 | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows XP x64 Edition (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Server 2003 x64 Edition (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Vista for x64-based Systems (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Server 2008 x64 Edition (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows 7 for x64-based Systems (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows 7 for x64-based Systems (KB2761226) for SP1 | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Server 2008 R2 x64 Edition (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Server 2008 R2 x64 Edition (KB2761226) for SP1 | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows 8 (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows 8 for x64-based Systems (KB2761226) | Windows |
| ms12-075: vulnerabilities in windows kernel-mode drivers could allow remote code execution: november 13, 2012 for Windows Server 2012 (KB2761226) | Windows |
| Updates for Google Chrome (66.0.3359.170) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.170) | Windows |
| Updates for Google Chrome (66.0.3359.181) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.181) | Windows |
| Updates for Google Chrome (67.0.3396.62) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.62) | Windows |
| Updates for Google Chrome (67.0.3396.79) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.79) | Windows |
| Updates for Google Chrome (67.0.3396.87) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.87) | Windows |
| Google Chrome (67.0.3396.99) | Windows |
| Google Chrome (x64) (67.0.3396.99) | Windows |
| Multiple vulnerabilities fixed in Chrome 22.0.1229.79 | Windows |
| Multiple vulnerabilities fixed in Chrome (x64) 22.0.1229.79 | Windows |
| Updates for Google Chrome (66.0.3359.170) (For Ubuntu) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Debian) | Linux |
| Google Chrome (67.0.3396.99) (For Debian) | Linux |
| Multiple vulnerabilities fixed in Chrome 22.0.1229.79 (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Centos) | Linux |
| Google Chrome (67.0.3396.99) (For Centos) | Linux |
| Multiple vulnerabilities fixed in Chrome 22.0.1229.79 (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For RedHat) | Linux |
| Google Chrome (67.0.3396.99) (For RedHat) | Linux |
| Multiple vulnerabilities fixed in Chrome 22.0.1229.79 (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Suse) | Linux |
| Google Chrome (67.0.3396.99) (For Suse) | Linux |
| Multiple vulnerabilities fixed in Chrome 22.0.1229.79 (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Ubuntu) | Linux |
| Google Chrome (67.0.3396.99) (For Ubuntu) | Linux |
| Multiple vulnerabilities fixed in Chrome 22.0.1229.79 (For Ubuntu) | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-12712 | Security Update for Windows Server 2003 (KB2761226) |
| PATCH-12713 | Security Update for Windows Vista (KB2761226) |
| PATCH-12714 | Security Update for Windows Server 2008 (KB2761226) |
| PATCH-12715 | Security Update for Windows 7 (KB2761226) |
| PATCH-12716 | Security Update for Windows 7 (KB2761226) |
| PATCH-12717 | Security Update for Windows XP x64 Edition (KB2761226) |
| PATCH-12718 | Security Update for Windows Server 2003 x64 Edition (KB2761226) |
| PATCH-12719 | Security Update for Windows Vista for x64-based Systems (KB2761226) |
| PATCH-12720 | Security Update for Windows Server 2008 x64 Edition (KB2761226) |
| PATCH-12721 | Security Update for Windows 7 for x64-based Systems (KB2761226) |
| PATCH-12722 | Security Update for Windows 7 for x64-based Systems (KB2761226) |
| PATCH-12723 | Security Update for Windows Server 2008 R2 x64 Edition (KB2761226) |
| PATCH-12724 | Security Update for Windows Server 2008 R2 x64 Edition (KB2761226) |
| PATCH-12725 | Security Update for Windows 8 (KB2761226) |
| PATCH-12726 | Security Update for Windows 8 for x64-based Systems (KB2761226) |
| PATCH-12727 | Security Update for Windows Server 2012 (KB2761226) |
| PATCH-307513 | Updates for Google Chrome (66.0.3359.170) |
| PATCH-307515 | Updates for Google Chrome (x64) (66.0.3359.170) |
| PATCH-307534 | Updates for Google Chrome (66.0.3359.181) |
| PATCH-307535 | Updates for Google Chrome (x64) (66.0.3359.181) |
| PATCH-307607 | Updates for Google Chrome (67.0.3396.62) |
| PATCH-307608 | Updates for Google Chrome (x64) (67.0.3396.62) |
| PATCH-307641 | Updates for Google Chrome (67.0.3396.79) |
| PATCH-307644 | Updates for Google Chrome (x64) (67.0.3396.79) |
| PATCH-307660 | Updates for Google Chrome (67.0.3396.87) |
| PATCH-307662 | Updates for Google Chrome (x64) (67.0.3396.87) |
| PATCH-307715 | Google Chrome (67.0.3396.99) |
| PATCH-307716 | Google Chrome (x64) (67.0.3396.99) |
| PATCH-313038 | Google Chrome (80.0.3987.122) |
| PATCH-313039 | Google Chrome (x64) (80.0.3987.122) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234