Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0005

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2012-0005
Last Modified 06 Mar 2013 11:50:20
Published 10 Jan 2012 04:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0005

Summary

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Vista

  • Microsoft Windows Xp


References

MS - MS12-003

SECTRACK - 1026495

BID - 51270

SECUNIA - 47479

CERT - TA12-010A

Related Patches

MS12-003 Security Update for Windows Server 2003 (KB2646524)

MS12-003 Security Update for Windows Vista (KB2646524)

MS12-003 Security Update for Windows XP (KB2646524)

MS12-003 Security Update for Windows Server 2008 (KB2646524)

MS12-003 Security Update for Windows Server 2008 x64 (KB2646524)

MS12-003 Security Update for Windows Server 2003 x64 (KB2646524)

MS12-003 Security Update for Windows Vista for x64 (KB2646524)


Last Updated: 27 May 2016 10:57:18