VYPR
← All advisories
High severity7.8NVD Advisory· Published Sep 26, 2012· Updated Apr 29, 2026

CVE-2012-2897

CVE-2012-2897

Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

Affected products

70
  • Google/Chrome53 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 52 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=22.0.1229.78
    • cpe:2.3:a:google:chrome:22.0.1229.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.10:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.11:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.14:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.16:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.17:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.20:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.21:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.23:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.24:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.25:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.26:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.35:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.50:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.51:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.56:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.57:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.58:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.6:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.60:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.62:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.63:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.64:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.65:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.67:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.7:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.76:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:22.0.1229.9:*:*:*:*:*:*:*
  • Microsoft/Windows 73 versions
    cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
  • Microsoft/Windows 82 versions
    cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
  • Microsoft/Windows Rt
    cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • Microsoft/Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows Server 20085 versions
    cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*+ 4 more
    • cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
  • Microsoft/Windows Server 2012
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • Microsoft/Windows Vista2 versions
    cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  • Microsoft/Windows Xp2 versions
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.