TrueType Font Parsing Vulnerability in Microsoft Windows and Office Products
CVE-2012-0159

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Office; Windows 8
Vendor: CVE Published:; 9 May 2012

Summary

This vulnerability allows attackers to execute arbitrary code on affected systems through a specially crafted TrueType font file. When a user views or interacts with a document or web page containing the malicious font, it may lead to the execution of unauthorized actions, compromising the security of the user's environment. Affected versions include multiple releases of Windows operating systems and various editions of Microsoft Office and Silverlight.

References

http://secunia.com/advisories/49121

third-party-advisoryx_refsource_SECUNIA

http://www.us-cert.gov/cas/techalerts/TA12-164A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1027039

vdb-entryx_refsource_SECTRACK

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 9, 2012
Vulnerability Reserved
Dec 13, 2011