CVE-2012-0005

Severity Score

6.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."

El subsistema Cliente/Servidor en tiempo de ejecución (también conocido como CSRSS) en el subsistema Win32 de Microsoft Windows XP SP2 y SP3, Server 2003 SP2, Vista SP2 y Server 2008 SP2, cuando se usa una configuración regional del sistema en chino, japonés o coreano, puede acceder a memoria no inicializada durante el procesamiento de caracteres Unicode, lo que permite a usuarios locales conseguir privilegios a través de una aplicación especificamente desarrollada para este fin. Se trat de un problema también conocido como "Vulnerabilidad de elevación de privilegios de CSRSS".

*Credits: N/A

CVSS Scores

NISTv2 6.9

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-11-09 CVE Reserved
2012-01-10 CVE Published
2024-08-06 CVE Updated
2024-10-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (6)

URL	Tag	Source
http://secunia.com/advisories/47479	Third Party Advisory
http://www.securityfocus.com/bid/51270	Vdb Entry
http://www.securitytracker.com/id?1026495	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA12-010A.html	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14879	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-003	2023-12-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"				*		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				*		sp2, x32		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				*		sp2, x64		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		sp2, itanium		Affected
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				*		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Xp Search vendor "Microsoft" for product "Windows Xp"				*		sp2, professional_x64		Affected
Microsoft Search vendor "Microsoft"		Windows Xp Search vendor "Microsoft" for product "Windows Xp"				*		sp3		Affected