PT-2012-2358 · Microsoft · Silverlight+2

Alin Rad Pop · Published 2012-05-08 · Updated 2018-10-12 · CVE-2012-0159

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
Office versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
Silverlight versions 4 before 4.1.10329
Silverlight versions 5 before 5.1.10411

Description

A remote code execution issue exists in the way affected components handle a specially crafted TrueType font file. This could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Windows versions XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview, update to a version that includes the fix for the TrueType font parsing issue.
For Office versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1, update to a version that includes the fix for the TrueType font parsing issue.
For Silverlight versions 4 before 4.1.10329, update to version 4.1.10329 or later.
For Silverlight versions 5 before 5.1.10411, update to version 5.1.10411 or later.
As a temporary workaround, consider avoiding the use of specially crafted TrueType font files until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2012-0159
ZDI-12-129

Affected Products

Office
Silverlight
Windows