Vulnerability Details : CVE-2012-0165
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
Vulnerability category: Input validation, Execute code
Products affected by CVE-2012-0165
- cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0165
- 87.47%: Probability of exploitation activity in the next 30 days
- ~ 99%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0165
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2012-0165
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0165
- http://www.securitytracker.com/id?1027038
  Microsoft GDI+ Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.securityfocus.com/bid/53347
  Microsoft GDI+ CVE-2012-0165 EMF Image Processing Remote Code Execution Vulnerability
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621
  Repository / Oval Repository
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75125
  Microsoft Windows GDI+ EMF code execution CVE-2012-0165 Vulnerability Report
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
  Microsoft Security Bulletin MS12-034 - Critical | Microsoft Docs
- http://www.us-cert.gov/cas/techalerts/TA12-129A.html
  Microsoft Updates for Multiple Vulnerabilities | CISA, US Government Resource