CVE-2011-3402

HIGH8.8

CISA KEVHigh EPSS

Description

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Microsoft / Windows 7
Microsoft / Windows 7
Microsoft / windows_server_2003
Microsoft / windows_server_2008
Microsoft / windows_server_2008
Microsoft / windows_server_2008
Microsoft / windows_vista
Microsoft / windows_xp
Microsoft / windows_xp

References

VENDOR_ADVISORYhttp://secunia.com/advisories/49121
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645
MISChttp://www.us-cert.gov/cas/techalerts/TA12-164A.html
MISChttp://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
MISChttp://www.securitytracker.com/id?1027039
VENDOR_ADVISORYhttp://secunia.com/advisories/49122
MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087
MISChttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
MISChttp://www.us-cert.gov/cas/techalerts/TA11-347A.html
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998
MISChttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf
MISChttp://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
MISChttp://technet.microsoft.com/security/advisory/2639658
MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290
MISChttp://isc.sans.edu/diary/Duqu+Mitigation/11950
MISChttp://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
MISChttp://www.us-cert.gov/cas/techalerts/TA12-129A.html
MISChttp://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx