Microsoft Windows Kernel-Mode Drivers Multiple Font Parsing Vulnerabilities
Last Update Date:
10 Jan 2013
Release Date:
12 Dec 2012
5332
Views
RISK: High Risk
TYPE: Operating Systems - Windows OS
- OpenType Font Parsing Vulnerability
A remote code execution vulnerability exists in the way that affected components handle a specially crafted OpenType font file. The vulnerability could allow remote code execution if a user opens a specially crafted OpenType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. - TrueType Font Parsing Vulnerability
A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font files. The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Impact
- Elevation of Privilege
- Remote Code Execution
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8
- Windows Server 2012
- Windows RT
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms12-078
Vulnerability Identifier
Source
Related Link
Share with