Executive Summary

Informations
Name CVE-2012-0005 First vendor Publication 2012-01-10
Vendor Cve Last vendor Modification 2023-12-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0005

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14879
 
Oval ID: oval:org.mitre.oval:def:14879
Title: CSRSS Elevation of Privilege Vulnerability
Description: The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0005
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 3
Os 1
Os 2

OpenVAS Exploits

Date Description
2012-01-11 Name : MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerabilit...
File : nvt/secpod_ms12-003.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78206 Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unicode Character ...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when parsing specially crafted Unicode characters, allowing a local attacker to gain LocalSystem privileges.

Nessus® Vulnerability Scanner

Date Description
2012-01-10 Name : The remote Windows host has a privilege escalation vulnerability.
File : smb_nt_ms12-003.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/51270
CERT http://www.us-cert.gov/cas/techalerts/TA12-010A.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1026495
SECUNIA http://secunia.com/advisories/47479

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2023-12-07 21:28:01
  • Multiple Updates
2021-05-04 12:18:55
  • Multiple Updates
2021-04-22 01:22:38
  • Multiple Updates
2020-05-23 00:32:32
  • Multiple Updates
2019-02-26 17:19:37
  • Multiple Updates
2018-10-13 05:18:34
  • Multiple Updates
2017-09-19 09:25:06
  • Multiple Updates
2016-08-31 12:03:15
  • Multiple Updates
2016-06-28 18:57:50
  • Multiple Updates
2016-04-26 21:22:32
  • Multiple Updates
2014-02-17 11:06:44
  • Multiple Updates
2013-05-10 22:30:39
  • Multiple Updates
2013-03-07 13:19:40
  • Multiple Updates