CVE-2011-3402

Severity

93%

Complexity

86%

Confidentiality

165%

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 13 years ago

2011-11-04 21:55:00

Last updated 5 years ago

2019-02-26 14:04:00

Affected Software

Microsoft Windows 7 64-bit Service Pack 1 (initial release)

Microsoft Windows 7 x86 Service Pack 1

Microsoft Windows Server 2003 Service Pack 2

Windows Server 2008 Service Pack 2 for 32-bit systems

Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)

Microsoft Windows Server 2008 Service Pack 2

Microsoft Windows Server 2008 r2 Service Pack 1 Itanium

r2

Microsoft Windows Server 2008 R2 Service Pack 1 x64 (64-bit)

r2

Microsoft Windows Vista Service Pack 2

Microsoft Windows Vista Service Pack 2 x64 (64-bit)

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Service Pack 3

References

http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files

http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx

http://isc.sans.edu/diary/Duqu+Mitigation/11950

49121

Vendor Advisory

49122

Vendor Advisory

http://technet.microsoft.com/security/advisory/2639658

Vendor Advisory

http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two

1027039

http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

TA11-347A

US Government Resource

TA12-129A

US Government Resource

TA12-164A

US Government Resource

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf

US Government Resource

MS11-087

MS12-034

MS12-039

oval:org.mitre.oval:def:13998

oval:org.mitre.oval:def:15290

oval:org.mitre.oval:def:15645

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.