Executive Summary
Summary | |
---|---|
Title | Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege |
Informations | |||
---|---|---|---|
Name | KB2639658 | First vendor Publication | 2011-11-03 |
Vendor | Microsoft | Last vendor Modification | 2011-12-13 |
Severity (Vendor) | N/A | Revision | 2.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-087 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-087. The vulnerability addressed is the TrueType Font Parsing Vulnerability - CVE-2011-3402. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2639658.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13998 | |||
Oval ID: | oval:org.mitre.oval:def:13998 | ||
Title: | Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege | ||
Description: | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3402 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15290 | |||
Oval ID: | oval:org.mitre.oval:def:15290 | ||
Title: | TrueType Font Parsing Vulnerability (CVE-2011-3402) | ||
Description: | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3402 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Lync 2010 Microsoft Lync 2010 Attendee |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15645 | |||
Oval ID: | oval:org.mitre.oval:def:15645 | ||
Title: | TrueType Font Parsing Vulnerability (CVE-2011-3402) | ||
Description: | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3402 | Version: | 30 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Silverlight 4 Microsoft Silverlight 5 Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 1 | |
Os | 3 | |
Os | 1 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-13 | Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl |
2012-05-14 | Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X) File : nvt/secpod_ms12-034_macosx.nasl |
2012-05-09 | Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268... File : nvt/secpod_ms12-034.nasl |
2011-12-14 | Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053) File : nvt/secpod_ms11-087.nasl |
2011-11-07 | Name : Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability File : nvt/gb_ms_truetype_font_privilege_elevation_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76843 | Microsoft Windows Win32k TrueType Font Handling Privilege Escalation Microsoft Windows contains a flaw related to the Win32k TrueType font parsing engine that may allow a context-dependent attacker to execute arbitrary code via malicious font data contained in a Word document. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-05-10 | IAVM : 2012-A-0079 - Combined Security Update for Microsoft Office Windows .NET Framework and Silv... Severity : Category I - VMSKEY : V0032304 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-08-31 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ... RuleID : 50849 - Revision : 1 - Type : FILE-OTHER |
2019-08-31 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ... RuleID : 50848 - Revision : 1 - Type : FILE-OTHER |
2019-04-13 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 49423 - Revision : 2 - Type : FILE-OTHER |
2019-04-13 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 49422 - Revision : 2 - Type : FILE-OTHER |
2019-04-13 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 49421 - Revision : 2 - Type : FILE-OTHER |
2014-01-18 | multi-hop iframe campaign client-side exploit attempt RuleID : 29025 - Revision : 2 - Type : MALWARE-OTHER |
2014-01-18 | multi-hop iframe campaign client-side exploit attempt RuleID : 29024 - Revision : 2 - Type : MALWARE-OTHER |
2014-01-18 | multi-hop iframe campaign client-side exploit attempt RuleID : 29023 - Revision : 2 - Type : MALWARE-OTHER |
2014-01-18 | DNS request for known malware domain kjyg.com RuleID : 29022 - Revision : 2 - Type : BLACKLIST |
2014-01-18 | DNS request for known malware domain apfi.biz RuleID : 29021 - Revision : 2 - Type : BLACKLIST |
2014-01-18 | DNS request for known malware domain 4pu.com RuleID : 29020 - Revision : 2 - Type : BLACKLIST |
2014-01-10 | Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page detected RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit requesting payload RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit outbound request RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit outbound request RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page - Title RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 20735 - Revision : 12 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-06-13 | Name : Arbitrary code can be executed on the remote host through Microsoft Lync. File : smb_nt_ms12-039.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : A multimedia application framework installed on the remote Mac OS X host is a... File : macosx_ms12-034.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms12-034.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote Windows kernel is affected by a remote code execution vulnerability. File : smb_nt_ms11-087.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:39 |
|