1. Home
  2. CVE Database
  3. CVE-2012-0165
HIGH · 9.3

CVE-2012-0165

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attacker...

Vulnerability Description

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftOffice2003
MicrosoftWindows Server 2008-
MicrosoftWindows Vista-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2012-0165?

CVE-2012-0165 is a vulnerability with a CVSS score of 9.3 (HIGH). GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attacker...

How severe is CVE-2012-0165?

CVE-2012-0165 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-0165?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Windows Server 2008, Microsoft Windows Vista.