<< Back
CVE Number Vulnerability Product Severity Date
MS12-019 Vulnerability in DirectWrite Could Allow Denial of Service (2665364) Windows Vista Medium 14-03-2012

Technical Information

Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. The target application could become unresponsive when DirectWrite renders the specially crafted sequence of Unicode characters.
Detailed Information on the risk:

A denial of service vulnerability exists in the way that DirectWrite renders a specially crafted sequence of Unicode characters. An attacker who successfully exploited this vulnerability could cause a target application to stop responding.


Further information on this exploit is available at : MS12-019

Affected Software

Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Vista Service Pack 2