#VU2967 Improper Input Validation in Windows Server and Windows
Vulnerability identifier: #VU2967
Vulnerability risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Windows Server
Operating systems & Components /
Operating system
Windows
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper processing of a malicious TrueType font (.ttf) within t2embed.dll. A remote attacker can create a specially crafted TrueType font file, trick the victim into loading it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Mitigation
Install update from vendor's website:
Windows XP Service Pack 3 (Tablet PC Edition 2005 only):
https://www.microsoft.com/downloads/details.aspx?familyid=b2ea7a8d-a537-441c-8e80-2ba4ac37e320
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=8d341077-8fcd-4666-a27e-2141a04a321e
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6ebaccbc-512b-4f2f-bf2a-8958f012e13f
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=bc7bfb79-8eaf-4c22-b1c9-e774c55eb06d
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=bf7c9aea-dc18-499f-b456-2c29e9a74a15
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=6414b607-6fb1-4527-b218-c3cb5adfd4d1
Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=e11d8738-379a-4dfe-b21c-495041d9523a
Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9f97c5a4-62ee-4e4f-8811-a43545d76327
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=360adbed-a451-44ed-8675-ca5624ef1cf3
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d5a6d617-8ef6-42fa-a325-c15fa7ece7aa
Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c65df271-8b7d-46d3-81b3-87c0ad05e8d0
Windows 7 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=31607fd8-fae8-47a0-971e-0e68be67fb5a
Windows 7 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=f4d52649-4afc-4c01-b275-93818152f6b7
Windows 7 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=7aa0b61b-b42c-4d60-8a7f-c61cbd25d6d9
Windows 7 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=7aa0b61b-b42c-4d60-8a7f-c61cbd25d6d9
Windows Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=6f815b10-c60d-4e9b-8283-494036985e93
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=34824de4-0f26-4627-8ddb-23d6b9d6671a
Windows Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=b9172218-8a3f-4b0f-a14d-64db3778f4cc
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b9172218-8a3f-4b0f-a14d-64db3778f4cc
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=47a0df29-f42e-463b-9c15-a93385ff8705
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=4e6d29e1-17fc-4670-9e69-988c040f06e2
Windows Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=34824de4-0f26-4627-8ddb-23d6b9d6671a
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=34824de4-0f26-4627-8ddb-23d6b9d6671a
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0abbf09c-8828-4524-8b38-e34faefa2ae4
Microsoft Office 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=b9a27671-883a-4ab7-b86f-99730a9af729
Microsoft Office 2007 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b9a27671-883a-4ab7-b86f-99730a9af729
Microsoft Office 2010 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=c355d598-ff4d-4cac-afa9-2de3236a7d71
Microsoft Office 2010 Service Pack 1 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=c355d598-ff4d-4cac-afa9-2de3236a7d71
Microsoft Office 2010 (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=91619bcc-9d5d-4011-a185-c405758782be
Microsoft Office 2010 Service Pack 1 (64-bit editions):
https://www.microsoft.com/downloads/details.aspx?familyid=91619bcc-9d5d-4011-a185-c405758782be
Microsoft Silverlight 4 when installed on Mac:
https://www.microsoft.com/downloads/details.aspx?familyid=8ea4fc68-7b03-43f6-bc41-af47e7aa8c7b
Microsoft Silverlight 4 when installed on all supported releases of Microsoft Windows clients:
https://www.microsoft.com/downloads/details.aspx?familyid=8ea4fc68-7b03-43f6-bc41-af47e7aa8c7b
Microsoft Silverlight 4 when installed on all supported releases of Microsoft Windows servers:
https://www.microsoft.com/downloads/details.aspx?familyid=8ea4fc68-7b03-43f6-bc41-af47e7aa8c7b
Microsoft Silverlight 5 when installed on Mac:
https://www.microsoft.com/downloads/details.aspx?familyid=fb1258e2-f3df-4a3d-b809-abec619a0c63
Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows clients:
https://www.microsoft.com/downloads/details.aspx?familyid=fb1258e2-f3df-4a3d-b809-abec619a0c63
Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows servers:
https://www.microsoft.com/downloads/details.aspx?familyid=fb1258e2-f3df-4a3d-b809-abec619a0c63
Vulnerable software versions
Windows Server: 2003 - 2008
Windows: Vista, 7, XP
External links
http://technet.microsoft.com/en-us/library/security/ms12-034
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
