CVE-2012-2897

CVSS V2 High 10 CVSS V3 None

Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

Overview

CVE ID
CVE-2012-2897

Assigner
cve-coordination@google.com

Vulnerability Status
Modified

Published Version
2012-09-26T10:56:05

Last Modified Date
2020-09-28T12:58:30

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:a:google:chrome::::::::	1	OR	22.0.1229.78
cpe:2.3:a:google:chrome:22.0.1229.0:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.1:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.2:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.3:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.4:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.6:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.7:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.8:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.9:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.10:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.11:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.12:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.14:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.16:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.17:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.18:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.20:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.21:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.22:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.23:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.24:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.25:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.26:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.27:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.28:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.29:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.31:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.32:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.33:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.35:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.36:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.37:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.39:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.48:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.49:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.50:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.51:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.52:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.53:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.54:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.55:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.56:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.57:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.58:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.59:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.60:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.62:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.63:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.64:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.65:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.67:::::::*	1	OR
cpe:2.3:a:google:chrome:22.0.1229.76:::::::*	1	OR
cpe:2.3:o:microsoft:windows_7:-:::::::*	1	OR
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*	1	OR
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*	1	OR
cpe:2.3:o:microsoft:windows_8:-:-:x64:::::*	1	OR
cpe:2.3:o:microsoft:windows_8:-:-:x86:::::*	1	OR
cpe:2.3:o:microsoft:windows_rt:-:::::::*	1	OR
cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	1	OR
cpe:2.3:o:microsoft:windows_server_2008::r2:itanium:::::	1	OR
cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::	1	OR
cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::	1	OR
cpe:2.3:o:microsoft:windows_server_2008::sp2:x86:::::	1	OR
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*	1	OR
cpe:2.3:o:microsoft:windows_server_2012:-:::::::*	1	OR
cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::	1	OR
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	1	OR
cpe:2.3:o:microsoft:windows_xp::sp3::::::*	1	OR
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
10

Severity
HIGH

Exploitability Score
10

Impact Score
10

References

Reference URL	Reference Tags
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html	Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=146254
http://www.us-cert.gov/cas/techalerts/TA12-318A.html	US Government Resource
http://www.securitytracker.com/id?1027750
http://secunia.com/advisories/51239
https://exchange.xforce.ibmcloud.com/vulnerabilities/78822
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2012-2897
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2897

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 17:12:53				Added to TrackCVE