MS12-019 MS12-019 - Moderate : Vulnerability in DirectWrite Could Allow Denial of Service (2665364) - Version: 1.0
Version2012-03-13
Severity Rating: Moderate
Revision Note: V1.0 (March 13, 2012): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. The target application could become unresponsive when DirectWrite renders the specially crafted sequence of Unicode characters.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
Max CVSS
4.3
EPSS Score
2.63%
Published
2012-03-13
Updated
2023-12-07