According to Trustwave this is a zero-day.
A private exploit has been developed by Cr4sh and been published 2 weeks after the advisory.
CVE-2012-0181 fixes an issue alluded to on exploitdb site on Nov. 21, 2011, fixed July 10, 2012.
Vulnerable component: Windows
CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-20 - Improper Input Validation
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to improper managing of Keyboard Layout files by the kernel-mode driver (win32k.sys). A local attacker can execute arbitrary code on vulnerable system with SYSTEM privileges.
Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on vulnerable system.
Note: the vulnerability was being actively exploited.
Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.