CVE-2012-2897

EUVD-2012-2877
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 22.0.1229.78
googlechrome
22.0.1229.0
googlechrome
22.0.1229.1
googlechrome
22.0.1229.2
googlechrome
22.0.1229.3
googlechrome
22.0.1229.4
googlechrome
22.0.1229.6
googlechrome
22.0.1229.7
googlechrome
22.0.1229.8
googlechrome
22.0.1229.9
googlechrome
22.0.1229.10
googlechrome
22.0.1229.11
googlechrome
22.0.1229.12
googlechrome
22.0.1229.14
googlechrome
22.0.1229.16
googlechrome
22.0.1229.17
googlechrome
22.0.1229.18
googlechrome
22.0.1229.20
googlechrome
22.0.1229.21
googlechrome
22.0.1229.22
googlechrome
22.0.1229.23
googlechrome
22.0.1229.24
googlechrome
22.0.1229.25
googlechrome
22.0.1229.26
googlechrome
22.0.1229.27
googlechrome
22.0.1229.28
googlechrome
22.0.1229.29
googlechrome
22.0.1229.31
googlechrome
22.0.1229.32
googlechrome
22.0.1229.33
googlechrome
22.0.1229.35
googlechrome
22.0.1229.36
googlechrome
22.0.1229.37
googlechrome
22.0.1229.39
googlechrome
22.0.1229.48
googlechrome
22.0.1229.49
googlechrome
22.0.1229.50
googlechrome
22.0.1229.51
googlechrome
22.0.1229.52
googlechrome
22.0.1229.53
googlechrome
22.0.1229.54
googlechrome
22.0.1229.55
googlechrome
22.0.1229.56
googlechrome
22.0.1229.57
googlechrome
22.0.1229.58
googlechrome
22.0.1229.59
googlechrome
22.0.1229.60
googlechrome
22.0.1229.62
googlechrome
22.0.1229.63
googlechrome
22.0.1229.64
googlechrome
22.0.1229.65
googlechrome
22.0.1229.67
googlechrome
22.0.1229.76
microsoftwindows_7
-
microsoftwindows_7
-
microsoftwindows_7
-
microsoftwindows_8
-
microsoftwindows_8
-
microsoftwindows_rt
-
microsoftwindows_server_2003
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_vista
*
microsoftwindows_vista
-
microsoftwindows_xp
*
microsoftwindows_xp
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
hardy
dne
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
http://secunia.com/advisories/51239
http://www.securitytracker.com/id?1027750
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
https://code.google.com/p/chromium/issues/detail?id=146254
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075
https://exchange.xforce.ibmcloud.com/vulnerabilities/78822
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
http://secunia.com/advisories/51239
http://www.securitytracker.com/id?1027750
http://www.us-cert.gov/cas/techalerts/TA12-318A.html
https://code.google.com/p/chromium/issues/detail?id=146254
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075
https://exchange.xforce.ibmcloud.com/vulnerabilities/78822
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847