CVE-2012-1890 : win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."

Published 2012-07-10 21:55:06

Updated 2025-04-11 00:51:22

Source Microsoft Corporation

View at NVD, CVE.org

Products affected by CVE-2012-1890

Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 X86 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Update SP1 X64 Edition
cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Update SP1 X86 Edition
cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » X86 Edition
cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » X64 Edition
cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-1890

EPSS FAQ

0.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 59 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-1890

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-1890

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1890

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-047

Microsoft Security Bulletin MS12-047 - Important | Microsoft Docs

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15416

Repository / Oval Repository
http://www.us-cert.gov/cas/techalerts/TA12-192A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-1890

Products affected by CVE-2012-1890

Exploit prediction scoring system (EPSS) score for CVE-2012-1890

CVSS scores for CVE-2012-1890

CWE ids for CVE-2012-1890

References for CVE-2012-1890