Vulnerabilities > CVE-2012-2529 - Numeric Errors vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 13 |
Common Weakness Enumeration (CWE)
Msbulletin
| bulletin_id | MS12-068 |
| bulletin_url | |
| date | 2012-10-09T00:00:00 |
| impact | Elevation of Privilege |
| knowledgebase_id | 2724197 |
| knowledgebase_url | |
| severity | Important |
| title | Vulnerability in Windows Kernel Could Allow Elevation of Privilege |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS12-068.NASL |
| description | The remote host is running a Windows kernel version that is affected by an integer overflow vulnerability. A local attacker could exploit this to execute arbitrary code with elevated privileges. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 62463 |
| published | 2012-10-10 |
| reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/62463 |
| title | MS12-068: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197) |
Oval
| accepted | 2012-11-26T04:00:15.317-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| description | Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:15867 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2012-10-17T09:29:34 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| title | Windows Kernel Integer Overflow Vulnerability - MS12-068 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version | 72 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 55793 CVE(CAN) ID: CVE-2012-2529 Microsoft Windows是微软发布的非常流行的操作系统。 Windows Kernel不正确地处理了内存对象,存在权限提升漏洞,可导致在内核模式下运行任意代码。 0 Microsoft Windows 7 Microsoft Windows XP Professional Microsoft Windows XP Home Edition Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Editi Microsoft Windows Server 2003 Datacenter Editi 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-068)以及相应补丁: MS12-068:Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197) 链接:http://www.microsoft.com/technet/security/bulletin/MS12-068.asp |
| id | SSV:60432 |
| last seen | 2017-11-19 |
| modified | 2012-10-11 |
| published | 2012-10-11 |
| reporter | Root |
| title | Microsoft Windows Kernel 'Win32k.sys'整数溢出权限提升漏洞(MS12-068) |