CVE-2012-0217
Public Exploits 4
Metasploit · 1 intel_sysret_priv_esc.rb [exploit]
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2012-0217
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows Server ‘User Mode Scheduler’ 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows Server 2008是美国微软(Microsoft)公司的一套服务器操作系统。 基于x64平台的Microsoft Windows Server 2008 R2和R2 SP1版本,Windows 7 Gold和SP1版本中的内核中的User Mode Scheduler中存在漏洞,该漏洞源于未正确处理系统请求。本地用户可利用该漏洞通过特制的应用程序获取权限。也称“用户模式任务调度器内存破坏漏洞”。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2012-0217
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2012-0217
请登录查看更多情报信息。
- https://www.illumos.org/issues/2873x_refsource_CONFIRM
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlx_refsource_CONFIRM
- http://support.citrix.com/article/CTX133161x_refsource_CONFIRM
- http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/x_refsource_CONFIRM
- https://bugzilla.redhat.com/show_bug.cgi?id=813428x_refsource_CONFIRM
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042vendor-advisoryx_refsource_MS
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.ascvendor-advisoryx_refsource_NETBSD
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2012-0217
Same Patch Batch · n/a · 2012-06-12 · 24 CVEs total
| CVE-2012-1872 | Microsoft Internet Explorer EUC-JP字符编码跨站脚本漏洞 | |
| CVE-2012-0677 | Apple iTunes缓冲区溢出漏洞 | |
| CVE-2012-1882 | Microsoft Internet Explorer信息泄露漏洞 | |
| CVE-2012-1881 | Microsoft Internet Explorer ‘OnRowsInserted’ 任意代码执行漏洞 | |
| CVE-2012-1880 | Microsoft Internet Explorer ‘insertRow’ 任意代码执行漏洞 | |
| CVE-2012-1879 | Microsoft Internet Explorer ‘insertAdjacentText’ 任意代码执行漏洞 | |
| CVE-2012-1878 | Microsoft Internet Explorer ‘OnBeforeDeactivate’ 任意代码执行漏洞 | |
| CVE-2012-1877 | Microsoft Internet Explorer Title元素远程代码执行漏洞 | |
| CVE-2012-1876 | Microsoft Internet Explorer Col元素远程代码执行漏洞 | |
| CVE-2012-1875 | Microsoft Internet Explorer ‘ame ID’属性远程代码执行漏洞 | |
| CVE-2012-1874 | Microsoft Internet Explorer开发工具栏远程代码执行漏洞 | |
| CVE-2012-1873 | Microsoft Internet Explorer空字节信息泄露漏洞 | |
| CVE-2012-0173 | Microsoft Windows XP RDP任意代码执行漏洞 | |
| CVE-2012-1868 | Microsoft Windows XP ‘win32k.sys’ 竞争条件漏洞 | |
| CVE-2012-1867 | Microsoft Windows XP ‘win32k.sys’ 整数溢出漏洞 | |
| CVE-2012-1866 | Microsoft Windows XP ‘win32k.sys’ 本地权限提升漏洞 | |
| CVE-2012-1865 | Microsoft Windows XP ‘win32k.sys’ 输入验证错误漏洞 | |
| CVE-2012-1864 | Microsoft Windows XP ‘win32k.sys’ 输入验证错误漏洞 | |
| CVE-2012-1858 | Microsoft Internet Explorer ‘SafeHTML’ 组件跨站脚本漏洞 | |
| CVE-2012-1857 | Microsoft Dynamics AX ‘Enterprise Portal’ 组件跨站脚本漏洞 |
Showing top 20 of 24 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2012-0217
No comments yet