CVE-2012-2897

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ChromeCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
googlechrome
𝑥
≤ 22.0.1229.78
googlechrome
22.0.1229.0
googlechrome
22.0.1229.1
googlechrome
22.0.1229.2
googlechrome
22.0.1229.3
googlechrome
22.0.1229.4
googlechrome
22.0.1229.6
googlechrome
22.0.1229.7
googlechrome
22.0.1229.8
googlechrome
22.0.1229.9
googlechrome
22.0.1229.10
googlechrome
22.0.1229.11
googlechrome
22.0.1229.12
googlechrome
22.0.1229.14
googlechrome
22.0.1229.16
googlechrome
22.0.1229.17
googlechrome
22.0.1229.18
googlechrome
22.0.1229.20
googlechrome
22.0.1229.21
googlechrome
22.0.1229.22
googlechrome
22.0.1229.23
googlechrome
22.0.1229.24
googlechrome
22.0.1229.25
googlechrome
22.0.1229.26
googlechrome
22.0.1229.27
googlechrome
22.0.1229.28
googlechrome
22.0.1229.29
googlechrome
22.0.1229.31
googlechrome
22.0.1229.32
googlechrome
22.0.1229.33
googlechrome
22.0.1229.35
googlechrome
22.0.1229.36
googlechrome
22.0.1229.37
googlechrome
22.0.1229.39
googlechrome
22.0.1229.48
googlechrome
22.0.1229.49
googlechrome
22.0.1229.50
googlechrome
22.0.1229.51
googlechrome
22.0.1229.52
googlechrome
22.0.1229.53
googlechrome
22.0.1229.54
googlechrome
22.0.1229.55
googlechrome
22.0.1229.56
googlechrome
22.0.1229.57
googlechrome
22.0.1229.58
googlechrome
22.0.1229.59
googlechrome
22.0.1229.60
googlechrome
22.0.1229.62
googlechrome
22.0.1229.63
googlechrome
22.0.1229.64
googlechrome
22.0.1229.65
googlechrome
22.0.1229.67
googlechrome
22.0.1229.76
microsoftwindows_7
-
microsoftwindows_7
-
microsoftwindows_7
-
microsoftwindows_8
-
microsoftwindows_8
-
microsoftwindows_rt
-
microsoftwindows_server_2003
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_vista
*
microsoftwindows_vista
-
microsoftwindows_xp
*
microsoftwindows_xp
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
http://secunia.com/advisories/51239
http://www.securitytracker.com/id?1027750
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
https://code.google.com/p/chromium/issues/detail?id=146254
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075
https://exchange.xforce.ibmcloud.com/vulnerabilities/78822
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
http://secunia.com/advisories/51239
http://www.securitytracker.com/id?1027750
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
https://code.google.com/p/chromium/issues/detail?id=146254
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075
https://exchange.xforce.ibmcloud.com/vulnerabilities/78822
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847