CVE-2012-0159 - Resource Management Errors vulnerability in Microsoft products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Msbulletin
bulletin_id | MS12-034 |
bulletin_url | |
date | 2012-05-08T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2681578 |
knowledgebase_url | |
severity | Critical |
title | Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS12-034.NASL |
description | The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data. (CVE-2011-3402)
- A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159)
- A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162)
- A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2012-0164)
- A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165)
- A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167)
- A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176)
- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0180)
- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181)
- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59042 |
published | 2012-05-09 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59042 |
title | MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(59042);
      script_version("1.49");
      script_cvs_date("Date: 2018/11/15 20:50:31");

      script_cve_id(
        "CVE-2011-3402",
        "CVE-2012-0159",
        "CVE-2012-0162",
        "CVE-2012-0164",
        "CVE-2012-0165",
        "CVE-2012-0167",
        "CVE-2012-0176",
        "CVE-2012-0180",
        "CVE-2012-0181",
        "CVE-2012-1848"
      );
      script_bugtraq_id(
        50462,
        53324,
        53326,
        53327,
        53335,
        53347,
        53351,
        53358,
        53360,
        53363
      );
      script_xref(name:"MSFT", value:"MS12-034");
      script_xref(name:"IAVA", value:"2012-A-0079");
      script_xref(name:"EDB-ID", value:"18894");
      script_xref(name:"ZDI", value:"ZDI-12-131");
      script_xref(name:"MSKB", value:"2589337");
      script_xref(name:"MSKB", value:"2596672");
      script_xref(name:"MSKB", value:"2596792");
      script_xref(name:"MSKB", value:"2598253");
      script_xref(name:"MSKB", value:"2636927");
      script_xref(name:"MSKB", value:"2656405");
      script_xref(name:"MSKB", value:"2656407");
      script_xref(name:"MSKB", value:"2656409");
      script_xref(name:"MSKB", value:"2656410");
      script_xref(name:"MSKB", value:"2656411");
      script_xref(name:"MSKB", value:"2658846");
      script_xref(name:"MSKB", value:"2659262");
      script_xref(name:"MSKB", value:"2660649");
      script_xref(name:"MSKB", value:"2676562");
      script_xref(name:"MSKB", value:"2686509");
      script_xref(name:"MSKB", value:"2690729");

      script_name(english:"MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)");
      script_summary(english:"Checks the version of multiple files.");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

      - A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data. (CVE-2011-3402)

      - A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159)

      - A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162)

      - A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2012-0164)

      - A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165)

      - A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167)

      - A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176)

      - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0180)

      - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181)

      - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848)");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-131/");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Aug/60");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-034");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2; Office 2003, 2007, and 2010; .NET Framework 3.0, 3.5.1, and 4.0; and Silverlight 4 and 5.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/09");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:silverlight");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");

      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

      script_dependencies(
        "smb_hotfixes.nasl",
        "office_installed.nasl",
        "silverlight_detect.nasl",
        "ms_bulletin_checks_possible.nasl"
      );
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");

      exit(0);
    }

    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("smb_reg_query.inc");
    include("misc_func.inc");

    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

    bulletin = 'MS12-034';
    kbs = make_list(
      '2589337',
      '2596672',
      '2596672',
      '2596792',
      '2598253',
      '2636927',
      '2656405',
      '2656407',
      '2656409',
      '2656410',
      '2656411',
      '2658846',
      '2659262',
      '2660649',
      '2676562',
      '2686509',
      '2690729'
    );

    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

    vuln = 0;

    #######################
    # KB2686509           #
    #######################
    winver = get_kb_item('SMB/WindowsVersion');
    spver = get_kb_item('SMB/CSDVersion');
    prodname = get_kb_item('SMB/ProductName');
    if (spver)
      spver = int(ereg_replace(string:spver, pattern:'.*Service Pack ([0-9]).*', replace:"\1"));
    if (
      winver && spver && prodname &&
      ((winver == '5.2' && spver == 2) ||
      (winver == '5.1' && spver == 3))
    )
    {
      if (winver == '5.2' && spver == 2 && 'XP' >< prodname)
        reg_name = "SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB2686509\Description";
      else if (winver == '5.2' && spver == 2)
        reg_name = "SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2686509\Description";
      else if (winver == '5.1' && spver == 3)
        reg_name = "SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2686509\Description";

      registry_init();
      hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
      desc = get_registry_value(handle:hklm, item:reg_name);
      RegCloseKey(handle:hklm);
      close_registry();

      if (isnull(desc))
      {
        hotfix_add_report(' According to the registry, KB2686509 is missing.\n', bulletin:bulletin, kb:"2686509");
        vuln++;
      }
    }

    rootfile = hotfix_get_systemroot();
    if (!rootfile) exit(1, "Failed to get the system root.");

    share = hotfix_path2share(path:rootfile);
    path = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:"\1$", string:rootfile);

    login = kb_smb_login();
    pass = kb_smb_password();
    domain = kb_smb_domain();
    port = kb_smb_transport();

    if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init");

    hcf_init = TRUE;

    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

    office_versions = hotfix_check_office_version();
    cdir = hotfix_get_commonfilesdir();

    ################################################################
    # Office Checks                                                #
    ################################################################

    #############################
    # Office 2003 SP3 KB2598253 #
    #############################
    if (office_versions["11.0"])
    {
      office_sp = get_kb_item("SMB/Office/2003/SP");
      if (!isnull(office_sp) && office_sp == 3)
      {
        path = hotfix_get_officeprogramfilesdir(officever:'11.0') + "\Microsoft Office\Office11";
        if (hotfix_is_vulnerable(file:"Gdiplus.dll", version:"11.0.8345.0", min_version:"11.0.0.0", path:path, bulletin:bulletin, kb:'2598253'))
          vuln++;
      }
    }

    #############################
    # Office 2007 SP2           #
    # KB2596672, KB2596792      #
    #############################
    if (office_versions["12.0"])
    {
      office_sp = get_kb_item("SMB/Office/2007/SP");
      if (!isnull(office_sp) && (office_sp == 2 || office_sp == 3))
      {
        path = cdir + "\Microsoft Shared\Office12";
        if (hotfix_is_vulnerable(file:"Ogl.dll", version:"12.0.6659.5000", path:path, bulletin:bulletin, kb:'2596672'))
          vuln++;

        path = cdir + "\Microsoft SHared\MODI\12.0";
        if (hotfix_is_vulnerable(file:"Mspcore.dll", version:"12.0.6658.5001", path:path, bulletin:bulletin, kb:'2596792'))
          vuln++;
      }
    }

    #############################
    # Office 2010 KB2589337     #
    #############################
    if (office_versions["14.0"])
    {
      office_sp = get_kb_item("SMB/Office/2010/SP");
      if (!isnull(office_sp) && (office_sp == 0 || office_sp == 1))
      {
        path = cdir + "\Microsoft Shared\Office14";
        if (hotfix_is_vulnerable(file:"Ogl.dll", version:"14.0.6117.5001", path:path, bulletin:bulletin, kb:'2589337'))
          vuln++;
      }
    }

    # Silverlight 4.x / 5.x
    slfix = NULL;
    slkb = NULL;
    ver = get_kb_item("SMB/Silverlight/Version");
    if (ver =~ '^4\\.' && ver_compare(ver:ver, fix:'4.1.10329.0') == -1)
    {
      slfix = '4.1.10329';
      slkb = '2690729';
    }
    else if (ver =~ '^5\\.' && ver_compare(ver:ver, fix:'5.1.10411.0') == -1)
    {
      slfix = '5.1.10411';
      slkb = '2636927';
    }
    if (slfix)
    {
      path = get_kb_item("SMB/Silverlight/Path");
      report +=
        '\n Product : Microsoft Silverlight' +
        '\n Path : ' + path +
        '\n Installed version : ' + ver +
        '\n Fixed version : ' + slfix + '\n';
      hotfix_add_report(report, bulletin:bulletin, kb:slkb);
      vuln++;
    }

    if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0)
    {
      if (vuln > 0)
      {
        set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
        hotfix_security_hole();
        hotfix_check_fversion_end();
        exit(0);
      }
      else audit(AUDIT_OS_SP_NOT_VULN);
    }
    if (!is_accessible_share()) exit(1, "is_accessible_share() failed.");

    ################################################################
    # .NET Framework Checks                                        #
    ################################################################
    net3path = hotfix_get_programfilesdir() + "\Reference Assemblies\Microsoft\Framework\v3.0";
    if (!isnull(net3path))
    {
      # .NET Framework 3.0 on Windows XP / Windows Server 2003
      missing = 0;
      missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"3.0.6920.4021", min_version:"3.0.6920.0", dir:net3path);
      missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"3.0.6920.5810", min_version:"3.0.6920.5700", dir:net3path);
      missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"3.0.6920.4021", min_version:"3.0.6920.0", dir:net3path);
      missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"3.0.6920.5810", min_version:"3.0.6920.5700", dir:net3path);

      if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656407");
      vuln += missing;

      # .NET Framework 3.0 on Windows Vista / Windows Server 2008
      missing = 0;
      missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"3.0.6920.4213", min_version:"3.0.6920.0", dir:net3path);
      missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"3.0.6920.5794", min_version:"3.0.6920.5700", dir:net3path);

      if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656409");
      vuln += missing;

      # .NET Framework 3.5.1 on Windows 7 / Server 2008 R2
      missing = 0;
      missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"PresentationCore.dll", version:"3.0.6920.5809", min_version:"3.0.6920.5700", dir:net3path);
      missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"PresentationCore.dll", version:"3.0.6920.5005", min_version:"3.0.6920.5000", dir:net3path);

      if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656410");
      vuln += missing;

      # .NET Framework 3.5.1 on Windows 7 SP1 / Server 2008 R2 SP1
      missing = 0;
      missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"PresentationCore.dll", version:"3.0.6920.5794", min_version:"3.0.6920.5700", dir:net3path);
      missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"PresentationCore.dll", version:"3.0.6920.5448", min_version:"3.0.6920.5000", dir:net3path);

      if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2633873");
      vuln += missing;
    }

    # .NET Framework 4.0 on all supported versions of Windows
    missing = 0;
    missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");
    missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");
    missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");
    missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");
    missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");
    missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");
    missing += hotfix_is_vulnerable(os:"6.1", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");
    missing += hotfix_is_vulnerable(os:"6.1", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF");

    if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656405");
    vuln += missing;

    ################################################################
    # Windows Checks                                               #
    ################################################################

    #######################
    # KB2676562           #
    #######################
    missing = 0;

    # Windows 7 / 2008 R2
    missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.21955", min_version:"6.1.7601.21000", dir:"\system32");
    missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.17803", min_version:"6.1.7601.17000", dir:"\system32");
    missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Win32k.sys", version:"6.1.7600.21179", min_version:"6.1.7600.20000", dir:"\system32");
    missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Win32k.sys", version:"6.1.7600.16988", min_version:"6.1.7600.16000", dir:"\system32");

    # Windows Vista / 2008
    missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.22831", min_version:"6.0.6002.22000", dir:"\system32");
    missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.18607", min_version:"6.0.6002.18000", dir:"\system32");

    # Windows 2003 / XP 64-bit
    missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"Win32k.sys", version:"5.2.3790.4980", dir:"\system32");

    # Windows XP 32-bit
    missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"Win32k.sys", version:"5.1.2600.6206", dir:"\system32");

    if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:'2676562');
    vuln += missing;

    ################################
    # WinSxS Checks                #
    ################################
    winsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:"\1\WinSxS", string:rootfile);

    #######################
    # KB2659262           #
    #######################
    kb = '2659262';
    files = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft.windows.gdiplus', file_pat:'^gdiplus\\.dll$');

    # Windows XP / 2003
    vuln += hotfix_check_winsxs(os:'5.1', sp:3, files:files, versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb);
    vuln += hotfix_check_winsxs(os:'5.2', sp:2, files:files, versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb);

    # Windows Vista / 2008
    versions = make_list('5.2.6002.18581', '5.2.6002.22795', '6.0.6002.18581', '6.0.6002.22795');
    max_versions = make_list('5.2.6002.20000', '5.2.6002.99999', '6.0.6002.20000', '6.0.6002.99999');
    vuln += hotfix_check_winsxs(os:'6.0', sp:2, files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);

    # Windows 7 / 2008 R2
    versions = make_list('5.2.7600.17007', '5.2.7600.21198', '5.2.7601.17825', '5.2.7601.21977', '6.1.7600.17007', '6.1.7600.21198', '6.1.7601.17825', '6.1.7601.21977');
    max_versions = make_list('5.2.7600.20000', '5.2.7600.99999', '5.2.7601.20000', '5.2.7601.99999', '6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', '6.1.7601.99999');
    vuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);

    #######################
    # KB2658846           #
    #######################
    kb = '2658846';
    files = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft-windows-directwrite', file_pat:'^Dwrite\\.dll$');

    # Windows Vista / Windows Server 2008
    vuln += hotfix_check_winsxs(os:'6.0', files:files, versions:make_list('7.0.6002.18592', '7.0.6002.22807'), max_versions:make_list('7.0.6002.20000', '7.0.6002.99999'), bulletin:bulletin, kb:kb);

    # Windows 7 2008 R2
    versions = make_list('6.1.7600.16972', '6.1.7600.21162', '6.1.7601.17789', '6.1.7601.21935');
    max_versions = make_list('6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', '');
    vuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);

    #######################
    # KB2660649           #
    #######################
    kb = '2660649';
    # Windows XP / Windows Server 2003
    #(hotfix_check_sp(xp:4, win2003:3) > 0 && (version_cmp(a:ver, b:'1.7.2600.6189') >= 0)) ||
    base_path = hotfix_get_programfilesdir();
    if (!base_path) base_path = hotfix_get_programfilesdirx86();

    if (!base_path) audit(AUDIT_PATH_NOT_DETERMINED, "Common Files");

    full_path = hotfix_append_path(path:base_path, value:"\windows journal");

    if (
      # Vista
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"jnwdrv.dll", version:"0.3.6002.22789", min_version:"0.3.6002.20000", path:full_path, bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"jnwdrv.dll", version:"0.3.6002.18579", min_version:"0.3.6002.18000", path:full_path, bulletin:bulletin, kb:kb) ||

      # Windows 7
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7601.21955", min_version:"0.3.7601.18000", path:full_path, bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7601.17803", min_version:"0.3.7601.16000", path:full_path, bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7600.21179", min_version:"0.3.7600.18000", path:full_path, bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7600.16988", min_version:"0.3.7600.16000", path:full_path, bulletin:bulletin, kb:kb)
    )
      vuln += 1;

    hotfix_check_fversion_end();

    #######################
    # Report              #
    #######################
    if (vuln > 0)
    {
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }

NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS12-039.NASL |
description | The remote Windows host is potentially affected by the following vulnerabilities :
- Multiple code execution vulnerabilities exist in the handling of specially crafted TrueType font files. (CVE-2011-3402, CVE-2012-0159)
- An insecure library loading vulnerability exists in the way that Microsoft Lync handles the loading of DLL files. (CVE-2012-1849)
- An HTML sanitization vulnerability exists in the way that HTML is filtered. (CVE-2012-1858)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59457 |
published | 2012-06-13 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59457 |
title | MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_MS12-034.NASL |
description | The version of Microsoft Silverlight installed on the remote host is reportedly affected by several vulnerabilities :
- Incorrect handling of TrueType font (TTF) files could lead to arbitrary code execution. (CVE-2011-3402 / CVE-2012-0159)
- A double-free condition leading to arbitrary code execution could be triggered when rendering specially crafted XAML glyphs. (CVE-2012-0176)
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59045 |
published | 2012-05-09 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59045 |
title | MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) (Mac OS X) |
Oval
accepted 2015-08-10T04:00:18.274-04:00 class vulnerability contributors name Dragos Prisaca organization Symantec Corporation name Josh Turpin organization Symantec Corporation name Sergey Artykhov organization ALTX-SOFT name Shane Shaffer organization G2, Inc. name Sharath S organization SecPod Technologies name Maria Kedovskaya organization ALTX-SOFT name Maria Kedovskaya organization ALTX-SOFT name Maria Kedovskaya organization ALTX-SOFT name Maria Kedovskaya organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:12292 comment Microsoft Windows 7 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12627 comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12567 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is 
installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5954 comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:12292 comment Microsoft Windows 7 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12627 comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12567 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:12583 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is 
installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5954 comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:12292 comment Microsoft Windows 7 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12627 comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12567 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:12583 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Silverlight 4 is installed oval oval:org.mitre.oval:def:14639 comment Microsoft Silverlight 5 is installed oval oval:org.mitre.oval:def:15148 comment Microsoft Office 2003 is installed oval oval:org.mitre.oval:def:233 comment Microsoft Office 2007 is installed oval oval:org.mitre.oval:def:1211 comment Microsoft Office 2010 is installed oval oval:org.mitre.oval:def:12061
description | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:15388 |
status | accepted |
submitted | 2012-05-08T13:00:00 |
title | TrueType Font Parsing Vulnerability (CVE-2012-0159) |
version | 109 |

accepted | 2014-08-18T04:01:22.478-04:00 |
class | vulnerability |
contributors | SecPod Team (SecPod Technologies); Evgeniy Pavlov (ALTX-SOFT) |
definition_extensions | Microsoft Lync 2010 is installed (oval:org.mitre.oval:def:15099); Microsoft Lync 2010 Attendee (user level install) is installed (oval:org.mitre.oval:def:15641); Microsoft Lync 2010 Attendee (admin level install) is installed (oval:org.mitre.oval:def:15556) |
description | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:15667 |
status | accepted |
submitted | 2012-06-18T15:13:15 |
title | TrueType Font Parsing Vulnerability (CVE-2012-0159) |
version | 13 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 53335 CVE ID: CVE-2012-0159 Microsoft Windows is a popular computer operating system. A remote code execution vulnerability exists in the way affected components handle specially crafted TrueType font files. The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Vendor patch: Microsoft has released a security bulletin (MS12-034) and corresponding patches for this issue: MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Link: http://www.microsoft.com/technet/security/bulletin/MS12-034.asp |
id | SSV:60104 |
last seen | 2017-11-19 |
modified | 2012-05-09 |
published | 2012-05-09 |
reporter | Root |
title | Microsoft Windows TrueType Font Engine Remote Code Execution Vulnerability (CVE-2012-0159) (MS12-034) |
References
- http://secunia.com/advisories/49121
- http://secunia.com/advisories/49122
- http://www.securityfocus.com/bid/53335
- http://www.securitytracker.com/id?1027039
- http://www.us-cert.gov/cas/techalerts/TA12-129A.html
- http://www.us-cert.gov/cas/techalerts/TA12-164A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75124
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667