Microsoft Windows 7/Server 2003/Server 2008/Vista/XP True Type Fonts resource management
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.4 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Microsoft Windows 7/Server 2003/Server 2008/Vista/XP (Operating System). It affects unknown code in the True Type Fonts component. Manipulation with an unknown input leads to a resource management vulnerability. The issue is classified as CWE-399. It impacts confidentiality, integrity, and availability. The CVE summary reads:
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
The weakness was published on 06/12/2012 by Matthew Jurczyk (j00ru) of the Google Security Team as confirmed bulletin MS12-041 (Microsoft Technet). The advisory is available for download at technet.microsoft.com. The public release was coordinated with the vendor. This vulnerability has been tracked as CVE-2012-1867 since 03/22/2012. The attack must be carried out locally. Authentication is required for exploitation. Technical details are unknown, but a private exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 59459 (MS12-041: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90812 (Microsoft Windows Kernel-Mode Drivers Elevation of Privileges Vulnerability (MS12-041)).
Applying the patch MS12-041 eliminates this problem. The bugfix is available for download at technet.microsoft.com. A possible mitigation was published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (59459), SecurityFocus (BID 53819), OSVDB (82857), Secunia (SA49436) and SecurityTracker (ID 1027154). Similar entries are available at VDB-5519, VDB-5521, VDB-5522 and VDB-5528.
Product
Support: end of life (old version)
CVSSv3
VulDB Meta Base Score: 7.8
VulDB Meta Temp Score: 7.4
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
CNA Base Score: 8.4
Exploiting
Class: Resource management
CWE: CWE-399 / CWE-404
Local: Yes
Remote: No
Access: Private
Status: Unproven
Nessus ID: 59459
Nessus Name: MS12-041: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
OpenVAS ID: 902917
OpenVAS Name: Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162)
Countermeasures
Recommended: Patch
Patch: MS12-041
Sources
Vendor: microsoft.com
Product: microsoft.com
Advisory: MS12-041
Researcher: Matthew Jurczyk (j00ru)
Organization: Google Security Team
Status: Confirmed
CVE: CVE-2012-1867
SecurityFocus: 53819
Secunia: 49436 - Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities, Less Critical
OSVDB: 82857 - Microsoft Windows TrueType Font Loading Font Resource Reference Counter Handling Local Overflow
SecurityTracker: 1027154 - Windows Kernel-Mode Driver Bugs Lets Local Users Gain Elevated Privileges
Vulnerability Center: 35319 - [MS12-041] Microsoft Windows Font Resource Refcount Integer Overflow Vulnerability, High
scip Labs: https://www.scip.ch/en/?labs.20140213
Entry
Created: 06/13/2012 12:01 PM
Updated: 10/17/2024 11:04 PM
Changes: 06/13/2012 12:01 PM (55), 08/19/2018 07:51 PM (26), 03/25/2021 12:26 PM (8), 03/25/2021 12:30 PM (2), 03/25/2021 12:34 PM (1), 10/17/2024 11:04 PM (26)