CVE-2012-1893 : win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."

Published 2012-07-10 21:55:06

Updated 2025-04-11 00:51:22

Source Microsoft Corporation

View at NVD, CVE.org

Products affected by CVE-2012-1893

Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 X86 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Update SP1 X64 Edition
cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Update SP1 X86 Edition
cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » X86 Edition
cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » X64 Edition
cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-1893

EPSS FAQ

0.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 59 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-1893

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-1893

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1893

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-047

Microsoft Security Bulletin MS12-047 - Important | Microsoft Docs

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15654

Repository / Oval Repository
http://www.us-cert.gov/cas/techalerts/TA12-192A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-1893

Products affected by CVE-2012-1893

Exploit prediction scoring system (EPSS) score for CVE-2012-1893

CVSS scores for CVE-2012-1893

CWE ids for CVE-2012-1893

References for CVE-2012-1893