PT-2012-3595 · Microsoft · Windows Server 2008+6
Published
2012-08-15
·
Updated
2023-12-07
·
CVE-2012-1851
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 version SP2
Microsoft Windows Vista version SP2
Microsoft Windows Server 2008 versions SP2 through R2 SP1
Microsoft Windows 7 versions Gold through SP1
Description
A remote code execution issue exists in the Windows Print Spooler service, allowing remote attackers to execute arbitrary code on an affected system. This could enable an attacker to take complete control of the system, install programs, view, change, or delete data, or create new accounts.
Recommendations
For Microsoft Windows XP versions SP2 through SP3, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 version SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Vista version SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2008 versions SP2 through R2 SP1, update to a newer version to mitigate the risk.
For Microsoft Windows 7 versions Gold through SP1, update to a newer version to mitigate the risk.
Fix
RCE
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 7
Windows Print Spooler
Windows Server 2003
Windows Server 2008
Windows Vista
Windows Xp