| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS12-019 | Vulnerability in DirectWrite Could Allow Denial of Service (2665364) | Windows Vista | Medium | 14-03-2012 |
Technical Information
Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. The target application could become unresponsive when DirectWrite renders the specially crafted sequence of Unicode characters.
Detailed Information on the risk:
A denial of service vulnerability exists in the way that DirectWrite renders a specially crafted sequence of Unicode characters. An attacker who successfully exploited this vulnerability could cause a target application to stop responding.
Further information on this exploit is available at : MS12-019
Affected Software
Windows Vista x64 Edition Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Vista Service Pack 2