Eng en

Select Country or Region

Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

You are here: Threats Vulnerability protection Microsoft Windows DirectWrite vulnerability could allow denial of service

Vulnerability protection

Windows DirectWrite vulnerability could allow denial of service


Report ID: MS201203003
Date Published: 14 March 2012

Criticality: Moderate
Compromise Type: denial-of-service
Compromise From: remote

Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2





Summary

A vulnerability found in Windows DirectWrite could be exploited into causing a target application to stop responding.



Detailed Description

Microsoft has issued a security update to resolve a denial of service vulnerability found in DirectWrite, which is a text rendering API. The vulnerability was caused by incorrect rendering of a sequence of Unicode characters. Upon successful exploit, an attacker could cause a target application to stop responding.

This vulnerability has been resolved in the update issued by Microsoft, which introduces changes in the way that DirectWrite renders Unicode characters. Users are recommended to install this update to protect their system from potential exploit attempt.



CVE Reference

CVE-2012-0156



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-019)



Source

Microsoft Security Bulletin MS12-019



F-Secure Health Check



Health Check

 
Evaluate your computer's security and see recommended updates for popular programs.

 

Try it

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.

 

Read F-Secure advisories