QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2897

Published: Sep 26, 2012

Modified: Jan 28, 2025

PUBLISHED

Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

google-chrome-cve20122897(78822)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT

oval:org.mitre.oval:def:15847

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_SECTRACK

http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html

x_refsource_CONFIRM

https://code.google.com/p/chromium/issues/detail?id=146254

x_refsource_CONFIRM

vendor-advisory

x_refsource_MS

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.