Zero-day vulnerability in Windows
Improper input validation
CVE-2012-0181
According to Trustwave this is a zero-day.
A private exploit has been developed by Cr4sh and been published 2 weeks after the advisory.
CVE-2012-0181 fixes an issue alluded to on exploitdb site on Nov. 21, 2011, fixed July 10, 2012.
Vulnerability details
Advisory: SB2012050801 - Multiple vulnerabilities in Microsoft Windows
Vulnerable component: Windows
CVE-ID: CVE-2012-0181
CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-20 - Improper input validation
Description:
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to improper managing of Keyboard Layout files by the kernel-mode driver (win32k.sys). A local attacker can execute arbitrary code on vulnerable system with SYSTEM privileges.
Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on vulnerable system.
Note: the vulnerability was being actively exploited.
Public Exploits:
External links:
https://technet.microsoft.com/en-us/library/security/ms12-034
https://blogs.technet.microsoft.com/srd/2012/05/08/ms12-034-duqu-ten-cves-and-removing-keyboard-layo...
https://www.symantec.com/security_response/vulnerability.jsp?bid=53326
http://www.zdnet.com/article/linux-trailed-windows-in-patching-zero-days-in-2012-report-says/
https://www.trustwave.com/Resources/Library/Documents/2013-Trustwave-Global-Security-Report/?dl=1