CVE-2012-0159

critical

Microsoft

CVSS v3 Base Score

9.3

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Score

64.6%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: May 9, 2012 (5119 days ago)

Last Modified: April 29, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

CWE

CWE-399

Affected Products

microsoft officemicrosoft windows 7microsoft windows 8microsoft windows server 2008microsoft windows vistamicrosoft windows xpmicrosoft silverlight

References

🔗 secunia.com 🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov

CVE-2012-0159

Vulnerability Report

Description

CWE

Affected Products

References