cvelistv5 - CVE-2011-3402

CVE-2011-3402 (GCVE-0-2011-3402)

Vulnerability from cvelistv5 – Published: 2011-11-04 21:00 – Updated: 2025-10-22 00:05

CISA

Summary

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

microsoft

References

URL

Tags

	http://secunia.com/advisories/49121	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA12-164A.html	third-party-advisoryx_refsource_CERT
	http://blogs.mcafee.com/mcafee-labs/the-day-of-th…	x_refsource_MISC
	http://www.securitytracker.com/id?1027039	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/49122	third-party-advisoryx_refsource_SECUNIA
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.symantec.com/content/en/us/enterprise/…	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA11-347A.html	third-party-advisoryx_refsource_CERT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/control_systems/pdf/ICS-AL…	x_refsource_MISC
	http://www.securelist.com/en/blog/208193197/The_M…	x_refsource_MISC
	http://technet.microsoft.com/security/advisory/2639658	x_refsource_CONFIRM
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://isc.sans.edu/diary/Duqu+Mitigation/11950	x_refsource_MISC
	http://www.symantec.com/connect/w32-duqu_status-u…	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA12-129A.html	third-party-advisoryx_refsource_CERT
	http://blogs.technet.com/b/msrc/archive/2011/11/0…	x_refsource_CONFIRM

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-10-06

Due date: 2025-10-27

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 ; https://nvd.nist.gov/vuln/detail/CVE-2011-3402

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.897Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "49121",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49121"
          },
          {
            "name": "oval:org.mitre.oval:def:15645",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
          },
          {
            "name": "TA12-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
          },
          {
            "name": "1027039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027039"
          },
          {
            "name": "49122",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49122"
          },
          {
            "name": "MS11-087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
          },
          {
            "name": "TA11-347A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:13998",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://technet.microsoft.com/security/advisory/2639658"
          },
          {
            "name": "MS12-034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
          },
          {
            "name": "MS12-039",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
          },
          {
            "name": "oval:org.mitre.oval:def:15290",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
          },
          {
            "name": "TA12-129A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2011-3402",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-04T03:55:29.370251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-10-06",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:48.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-10-06T00:00:00+00:00",
            "value": "CVE-2011-3402 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "49121",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49121"
        },
        {
          "name": "oval:org.mitre.oval:def:15645",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
        },
        {
          "name": "TA12-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
        },
        {
          "name": "1027039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027039"
        },
        {
          "name": "49122",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49122"
        },
        {
          "name": "MS11-087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
        },
        {
          "name": "TA11-347A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:13998",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://technet.microsoft.com/security/advisory/2639658"
        },
        {
          "name": "MS12-034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
        },
        {
          "name": "MS12-039",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
        },
        {
          "name": "oval:org.mitre.oval:def:15290",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
        },
        {
          "name": "TA12-129A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-3402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49121",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49121"
            },
            {
              "name": "oval:org.mitre.oval:def:15645",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
            },
            {
              "name": "TA12-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
            },
            {
              "name": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files",
              "refsource": "MISC",
              "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
            },
            {
              "name": "1027039",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027039"
            },
            {
              "name": "49122",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49122"
            },
            {
              "name": "MS11-087",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
            },
            {
              "name": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf",
              "refsource": "MISC",
              "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
            },
            {
              "name": "TA11-347A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:13998",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
            },
            {
              "name": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two",
              "refsource": "MISC",
              "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
            },
            {
              "name": "http://technet.microsoft.com/security/advisory/2639658",
              "refsource": "CONFIRM",
              "url": "http://technet.microsoft.com/security/advisory/2639658"
            },
            {
              "name": "MS12-034",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
            },
            {
              "name": "MS12-039",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
            },
            {
              "name": "oval:org.mitre.oval:def:15290",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
            },
            {
              "name": "http://isc.sans.edu/diary/Duqu+Mitigation/11950",
              "refsource": "MISC",
              "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
            },
            {
              "name": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit",
              "refsource": "MISC",
              "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
            },
            {
              "name": "TA12-129A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
            },
            {
              "name": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-3402",
    "datePublished": "2011-11-04T21:00:00.000Z",
    "dateReserved": "2011-09-09T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:48.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2011-3402",
      "dateAdded": "2025-10-06",
      "dueDate": "2025-10-27",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 ; https://nvd.nist.gov/vuln/detail/CVE-2011-3402",
      "product": "Windows",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*\", \"matchCriteriaId\": \"F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*\", \"matchCriteriaId\": \"D16A8D29-57BF-4B74-85F2-24DBD8B52BBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\", \"matchCriteriaId\": \"B8A32637-65EC-42C4-A892-0E599562527C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFF81F4B-7D92-4398-8658-84530FB8F518\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A0D2704-C058-420B-B368-372D1129E914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \\\"TrueType Font Parsing Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el motor de an\\u00e1lisis de fuentes TrueType de Win32k en el kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Oro y SP1 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de los datos de la fuente modificada en un documento de Word, como se explot\\u00f3 \\\"in the wild\\\" en noviembre de 2011 por Duqu.\"}]",
      "id": "CVE-2011-3402",
      "lastModified": "2024-11-21T01:30:26.923",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-11-04T21:55:04.693",
      "references": "[{\"url\": \"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://isc.sans.edu/diary/Duqu+Mitigation/11950\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/49121\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/49122\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://technet.microsoft.com/security/advisory/2639658\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1027039\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-347A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-129A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-164A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://isc.sans.edu/diary/Duqu+Mitigation/11950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/49121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/49122\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://technet.microsoft.com/security/advisory/2639658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1027039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-347A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-129A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-164A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3402\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2011-11-04T21:55:04.693\",\"lastModified\":\"2025-10-22T01:15:41.310\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \\\"TrueType Font Parsing Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el motor de an\u00e1lisis de fuentes TrueType de Win32k en el kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Oro y SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de los datos de la fuente modificada en un documento de Word, como se explot\u00f3 \\\"in the wild\\\" en noviembre de 2011 por Duqu.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2025-10-06\",\"cisaActionDue\":\"2025-10-27\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Windows Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*\",\"matchCriteriaId\":\"D16A8D29-57BF-4B74-85F2-24DBD8B52BBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\",\"matchCriteriaId\":\"B8A32637-65EC-42C4-A892-0E599562527C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFF81F4B-7D92-4398-8658-84530FB8F518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]}],\"references\":[{\"url\":\"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://isc.sans.edu/diary/Duqu+Mitigation/11950\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/49121\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/49122\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://technet.microsoft.com/security/advisory/2639658\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1027039\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-347A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-129A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-164A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://isc.sans.edu/diary/Duqu+Mitigation/11950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/49122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://technet.microsoft.com/security/advisory/2639658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-347A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-129A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-164A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://secunia.com/advisories/49121\", \"name\": \"49121\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645\", \"name\": \"oval:org.mitre.oval:def:15645\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-164A.html\", \"name\": \"TA12-164A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1027039\", \"name\": \"1027039\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/49122\", \"name\": \"49122\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\", \"name\": \"MS11-087\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-347A.html\", \"name\": \"TA11-347A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998\", \"name\": \"oval:org.mitre.oval:def:13998\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://technet.microsoft.com/security/advisory/2639658\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\", \"name\": \"MS12-034\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\", \"name\": \"MS12-039\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290\", \"name\": \"oval:org.mitre.oval:def:15290\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://isc.sans.edu/diary/Duqu+Mitigation/11950\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-129A.html\", \"name\": \"TA12-129A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T23:29:56.897Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2011-3402\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-04T03:55:29.370251Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-10-06\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-10-06T00:00:00+00:00\", \"value\": \"CVE-2011-3402 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-03T18:06:51.533Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2011-11-03T00:00:00.000Z\", \"references\": [{\"url\": \"http://secunia.com/advisories/49121\", \"name\": \"49121\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645\", \"name\": \"oval:org.mitre.oval:def:15645\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-164A.html\", \"name\": \"TA12-164A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securitytracker.com/id?1027039\", \"name\": \"1027039\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://secunia.com/advisories/49122\", \"name\": \"49122\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\", \"name\": \"MS11-087\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-347A.html\", \"name\": \"TA11-347A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998\", \"name\": \"oval:org.mitre.oval:def:13998\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://technet.microsoft.com/security/advisory/2639658\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\", \"name\": \"MS12-034\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\", \"name\": \"MS12-039\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290\", \"name\": \"oval:org.mitre.oval:def:15290\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://isc.sans.edu/diary/Duqu+Mitigation/11950\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-129A.html\", \"name\": \"TA12-129A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \\\"TrueType Font Parsing Vulnerability.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://secunia.com/advisories/49121\", \"name\": \"49121\", \"refsource\": \"SECUNIA\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645\", \"name\": \"oval:org.mitre.oval:def:15645\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-164A.html\", \"name\": \"TA12-164A\", \"refsource\": \"CERT\"}, {\"url\": \"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\", \"name\": \"http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securitytracker.com/id?1027039\", \"name\": \"1027039\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://secunia.com/advisories/49122\", \"name\": \"49122\", \"refsource\": \"SECUNIA\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087\", \"name\": \"MS11-087\", \"refsource\": \"MS\"}, {\"url\": \"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\", \"name\": \"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-347A.html\", \"name\": \"TA11-347A\", \"refsource\": \"CERT\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998\", \"name\": \"oval:org.mitre.oval:def:13998\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\", \"name\": \"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\", \"name\": \"http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two\", \"refsource\": \"MISC\"}, {\"url\": \"http://technet.microsoft.com/security/advisory/2639658\", \"name\": \"http://technet.microsoft.com/security/advisory/2639658\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\", \"name\": \"MS12-034\", \"refsource\": \"MS\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\", \"name\": \"MS12-039\", \"refsource\": \"MS\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290\", \"name\": \"oval:org.mitre.oval:def:15290\", \"refsource\": \"OVAL\"}, {\"url\": \"http://isc.sans.edu/diary/Duqu+Mitigation/11950\", \"name\": \"http://isc.sans.edu/diary/Duqu+Mitigation/11950\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\", \"name\": \"http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-129A.html\", \"name\": \"TA12-129A\", \"refsource\": \"CERT\"}, {\"url\": \"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\", \"name\": \"http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \\\"TrueType Font Parsing Vulnerability.\\\"\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2011-3402\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2011-3402\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T20:04:20.877Z\", \"dateReserved\": \"2011-09-09T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2011-11-04T21:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-QV6F-65C9-QP9P

Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2025-10-22 03:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3402"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-11-04T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\"",
  "id": "GHSA-qv6f-65c9-qp9p",
  "modified": "2025-10-22T03:30:30Z",
  "published": "2022-05-13T01:15:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3402"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402"
    },
    {
      "type": "WEB",
      "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49121"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49122"
    },
    {
      "type": "WEB",
      "url": "http://technet.microsoft.com/security/advisory/2639658"
    },
    {
      "type": "WEB",
      "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027039"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTA-2011-ALE-006

Vulnerability from certfr_alerte - Published: - Updated:

Symantec et le Laboratory of Cryptography and System Security (CrySys) ont découvert une vulnérabilité non corrigée et exploitée sur l'Internet par le logiciel malveillant Duqu. Microsoft a publié un avis de sécurité 2639658 détaillant les mesures de protection immédiates pouvant être mises en œuvre.

Description

Le logiciel malveillant Duqu se propage notamment via l'exploitation d'une vulnérabilité non corrigée dans les polices TrueType. À ce jour, le code malveillant utilise pour vecteur un document Microsoft Word mais toute application reposant sur la fonctionnalité des polices embarquées est potentiellement vulnérable.

Pour mettre en œuvre son code d'exploitation, l'attaquant va intégrer à un document une police malveillante dont le chargement par le système va déclencher l'exécution de code arbitraire.

Enfin, il est important de prendre en compte les différents vecteurs que la plateforme Windows propose en terme de transport de polices de caractères.

La technologie Embedded Open Type (EOT) permet d'intégrer des polices TrueType à des documents HTML. Lors de l'ouverture d'une page Web, Internet Explorer va ouvrir le conteneur EOT et déclencher le chargement par Windows de la police TrueType contenue provoquant alors l'exécution de code arbitraire. Internet Explorer est le seul navigateur à supporter la technologie Embedded Open Type.

Au moment de la publication de cet avis, seuls des contournements provisoires sont disponibles. Une mise à jour de sécurité serait en cours de développement par Microsoft.

Contournement provisoire

Le contournement proposé par Microsoft repose sur le blocage des fonctionnalités de polices embarquées (T2EMBED.DLL).

Les polices embarquées, par exemple dans un document, ne sont alors plus transmises au composant Windows vulnérable en charge des polices TrueType. Le déploiement du contournement implique que les applications utilisant cette technologie connaîtront des problèmes d'affichage et/ou d'impression, les polices embarquées n'étant plus utilisables.

Ce déploiement peut être réalisé par script ou via un paquetage de type FixIt.

Ce contournement est aussi déployable par stratégies de groupe.

Le CERTA recommande de tester ce contournement avant tout déploiement à grande échelle (notamment installation, fonctionnalités de base et désinstallation).

Solution

Se référer au bulletin de sécurité MS011-087 de l'éditeur pour les détails d'obtention des correctifs (cf. section Documentation).

Toutes les versions supportées de Microsoft Windows sont affectées à l'exception des éditions Core de Windows Server 2008 et Windows Serveur 2008 R2 qui ne sont pas affectées par cette vulnérabilité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité Microsoft 2639658	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-087 du 13 décembre 2011 :	-	other
Fiche de support technique 2639658 relatif au paquetage FixIt :	-	other
Article de bloc-notes (blog) de Symantec sur l'installateur Duqu :	-	other
Avis du CERTA CERTA-2011-AVI-684 du 14 décembre 2011 :	-	other
Bulletin de sécurité Microsoft MS11-087 du 13 décembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eToutes les versions support\u00e9es de Microsoft Windows sont  affect\u00e9es \u00e0 l\u0027exception des \u00e9ditions \u003cSPAN class=\n  \"textit\"\u003eCore\u003c/SPAN\u003e de Windows Server 2008 et Windows Serveur  2008 R2 qui ne sont pas affect\u00e9es par cette vuln\u00e9rabilit\u00e9.\u003c/P\u003e",
  "closed_at": "2011-12-14",
  "content": "## Description\n\nLe logiciel malveillant Duqu se propage notamment via l\u0027exploitation\nd\u0027une vuln\u00e9rabilit\u00e9 non corrig\u00e9e dans les polices TrueType. \u00c0 ce jour,\nle code malveillant utilise pour vecteur un document Microsoft Word mais\ntoute application reposant sur la fonctionnalit\u00e9 des polices embarqu\u00e9es\nest potentiellement vuln\u00e9rable.\n\nPour mettre en \u0153uvre son code d\u0027exploitation, l\u0027attaquant va int\u00e9grer \u00e0\nun document une police malveillante dont le chargement par le syst\u00e8me va\nd\u00e9clencher l\u0027ex\u00e9cution de code arbitraire.\n\nEnfin, il est important de prendre en compte les diff\u00e9rents vecteurs que\nla plateforme Windows propose en terme de transport de polices de\ncaract\u00e8res.\n\nLa technologie Embedded Open Type (EOT) permet d\u0027int\u00e9grer des polices\nTrueType \u00e0 des documents HTML. Lors de l\u0027ouverture d\u0027une page Web,\nInternet Explorer va ouvrir le conteneur EOT et d\u00e9clencher le chargement\npar Windows de la police TrueType contenue provoquant alors l\u0027ex\u00e9cution\nde code arbitraire. Internet Explorer est le seul navigateur \u00e0 supporter\nla technologie Embedded Open Type.\n\nAu moment de la publication de cet avis, seuls des contournements\nprovisoires sont disponibles. Une mise \u00e0 jour de s\u00e9curit\u00e9 serait en\ncours de d\u00e9veloppement par Microsoft.\n\n## Contournement provisoire\n\nLe contournement propos\u00e9 par Microsoft repose sur le blocage des\nfonctionnalit\u00e9s de polices embarqu\u00e9es (T2EMBED.DLL).\n\nLes polices embarqu\u00e9es, par exemple dans un document, ne sont alors plus\ntransmises au composant Windows vuln\u00e9rable en charge des polices\nTrueType. Le d\u00e9ploiement du contournement implique que les applications\nutilisant cette technologie conna\u00eetront des probl\u00e8mes d\u0027affichage et/ou\nd\u0027impression, les polices embarqu\u00e9es n\u0027\u00e9tant plus utilisables.\n\nCe d\u00e9ploiement peut \u00eatre r\u00e9alis\u00e9 par script ou via un paquetage de type\nFixIt.\n\nCe contournement est aussi d\u00e9ployable par strat\u00e9gies de groupe.\n\nLe CERTA recommande de tester ce contournement avant tout d\u00e9ploiement \u00e0\ngrande \u00e9chelle (notamment installation, fonctionnalit\u00e9s de base et\nd\u00e9sinstallation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS011-087 de l\u0027\u00e9diteur pour les\nd\u00e9tails d\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-087 du 13 d\u00e9cembre 2011    :",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS11-087"
    },
    {
      "title": "Fiche de support technique 2639658 relatif au paquetage    FixIt\u00a0:",
      "url": "http://support.microsoft.com/kb/2639658/fr"
    },
    {
      "title": "Article de bloc-notes (blog) de Symantec sur l\u0027installateur    Duqu\u00a0:",
      "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
    },
    {
      "title": "Avis du CERTA CERTA-2011-AVI-684 du 14 d\u00e9cembre 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-684"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-087 du 13 d\u00e9cembre 2011    :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS11-087"
    }
  ],
  "reference": "CERTA-2011-ALE-006",
  "revisions": [
    {
      "description": "documentation des vecteurs HTML bas\u00e9s sur la technologie Embedded Open Type.",
      "revision_date": "2011-11-04T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2011-11-09T00:00:00.000000"
    },
    {
      "description": "ajout du correctif Microsoft.",
      "revision_date": "2011-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Symantec et le \u003cspan class=\"textit\"\u003eLaboratory of Cryptography and\nSystem Security\u003c/span\u003e (CrySys) ont d\u00e9couvert une vuln\u00e9rabilit\u00e9 non\ncorrig\u00e9e et exploit\u00e9e sur l\u0027Internet par le logiciel malveillant Duqu.\nMicrosoft a publi\u00e9 un avis de s\u00e9curit\u00e9 2639658 d\u00e9taillant les mesures de\nprotection imm\u00e9diates pouvant \u00eatre mises en \u0153uvre.\n",
  "title": "Exploitation d\u0027une vuln\u00e9rabilit\u00e9 dans la gestion des polices TrueType sur Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 2639658",
      "url": "http://technet.microsoft.com/fr-fr/security/advisory/2639658"
    }
  ]
}

CERTA-2011-ALE-006

Vulnerability from certfr_alerte - Published: - Updated:

Description

Pour mettre en œuvre son code d'exploitation, l'attaquant va intégrer à un document une police malveillante dont le chargement par le système va déclencher l'exécution de code arbitraire.

Enfin, il est important de prendre en compte les différents vecteurs que la plateforme Windows propose en terme de transport de polices de caractères.

Au moment de la publication de cet avis, seuls des contournements provisoires sont disponibles. Une mise à jour de sécurité serait en cours de développement par Microsoft.

Contournement provisoire

Le contournement proposé par Microsoft repose sur le blocage des fonctionnalités de polices embarquées (T2EMBED.DLL).

Ce déploiement peut être réalisé par script ou via un paquetage de type FixIt.

Ce contournement est aussi déployable par stratégies de groupe.

Le CERTA recommande de tester ce contournement avant tout déploiement à grande échelle (notamment installation, fonctionnalités de base et désinstallation).

Solution

Se référer au bulletin de sécurité MS011-087 de l'éditeur pour les détails d'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité Microsoft 2639658	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-087 du 13 décembre 2011 :	-	other
Fiche de support technique 2639658 relatif au paquetage FixIt :	-	other
Article de bloc-notes (blog) de Symantec sur l'installateur Duqu :	-	other
Avis du CERTA CERTA-2011-AVI-684 du 14 décembre 2011 :	-	other
Bulletin de sécurité Microsoft MS11-087 du 13 décembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eToutes les versions support\u00e9es de Microsoft Windows sont  affect\u00e9es \u00e0 l\u0027exception des \u00e9ditions \u003cSPAN class=\n  \"textit\"\u003eCore\u003c/SPAN\u003e de Windows Server 2008 et Windows Serveur  2008 R2 qui ne sont pas affect\u00e9es par cette vuln\u00e9rabilit\u00e9.\u003c/P\u003e",
  "closed_at": "2011-12-14",
  "content": "## Description\n\nLe logiciel malveillant Duqu se propage notamment via l\u0027exploitation\nd\u0027une vuln\u00e9rabilit\u00e9 non corrig\u00e9e dans les polices TrueType. \u00c0 ce jour,\nle code malveillant utilise pour vecteur un document Microsoft Word mais\ntoute application reposant sur la fonctionnalit\u00e9 des polices embarqu\u00e9es\nest potentiellement vuln\u00e9rable.\n\nPour mettre en \u0153uvre son code d\u0027exploitation, l\u0027attaquant va int\u00e9grer \u00e0\nun document une police malveillante dont le chargement par le syst\u00e8me va\nd\u00e9clencher l\u0027ex\u00e9cution de code arbitraire.\n\nEnfin, il est important de prendre en compte les diff\u00e9rents vecteurs que\nla plateforme Windows propose en terme de transport de polices de\ncaract\u00e8res.\n\nLa technologie Embedded Open Type (EOT) permet d\u0027int\u00e9grer des polices\nTrueType \u00e0 des documents HTML. Lors de l\u0027ouverture d\u0027une page Web,\nInternet Explorer va ouvrir le conteneur EOT et d\u00e9clencher le chargement\npar Windows de la police TrueType contenue provoquant alors l\u0027ex\u00e9cution\nde code arbitraire. Internet Explorer est le seul navigateur \u00e0 supporter\nla technologie Embedded Open Type.\n\nAu moment de la publication de cet avis, seuls des contournements\nprovisoires sont disponibles. Une mise \u00e0 jour de s\u00e9curit\u00e9 serait en\ncours de d\u00e9veloppement par Microsoft.\n\n## Contournement provisoire\n\nLe contournement propos\u00e9 par Microsoft repose sur le blocage des\nfonctionnalit\u00e9s de polices embarqu\u00e9es (T2EMBED.DLL).\n\nLes polices embarqu\u00e9es, par exemple dans un document, ne sont alors plus\ntransmises au composant Windows vuln\u00e9rable en charge des polices\nTrueType. Le d\u00e9ploiement du contournement implique que les applications\nutilisant cette technologie conna\u00eetront des probl\u00e8mes d\u0027affichage et/ou\nd\u0027impression, les polices embarqu\u00e9es n\u0027\u00e9tant plus utilisables.\n\nCe d\u00e9ploiement peut \u00eatre r\u00e9alis\u00e9 par script ou via un paquetage de type\nFixIt.\n\nCe contournement est aussi d\u00e9ployable par strat\u00e9gies de groupe.\n\nLe CERTA recommande de tester ce contournement avant tout d\u00e9ploiement \u00e0\ngrande \u00e9chelle (notamment installation, fonctionnalit\u00e9s de base et\nd\u00e9sinstallation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS011-087 de l\u0027\u00e9diteur pour les\nd\u00e9tails d\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-087 du 13 d\u00e9cembre 2011    :",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS11-087"
    },
    {
      "title": "Fiche de support technique 2639658 relatif au paquetage    FixIt\u00a0:",
      "url": "http://support.microsoft.com/kb/2639658/fr"
    },
    {
      "title": "Article de bloc-notes (blog) de Symantec sur l\u0027installateur    Duqu\u00a0:",
      "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
    },
    {
      "title": "Avis du CERTA CERTA-2011-AVI-684 du 14 d\u00e9cembre 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-684"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-087 du 13 d\u00e9cembre 2011    :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS11-087"
    }
  ],
  "reference": "CERTA-2011-ALE-006",
  "revisions": [
    {
      "description": "documentation des vecteurs HTML bas\u00e9s sur la technologie Embedded Open Type.",
      "revision_date": "2011-11-04T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2011-11-09T00:00:00.000000"
    },
    {
      "description": "ajout du correctif Microsoft.",
      "revision_date": "2011-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Symantec et le \u003cspan class=\"textit\"\u003eLaboratory of Cryptography and\nSystem Security\u003c/span\u003e (CrySys) ont d\u00e9couvert une vuln\u00e9rabilit\u00e9 non\ncorrig\u00e9e et exploit\u00e9e sur l\u0027Internet par le logiciel malveillant Duqu.\nMicrosoft a publi\u00e9 un avis de s\u00e9curit\u00e9 2639658 d\u00e9taillant les mesures de\nprotection imm\u00e9diates pouvant \u00eatre mises en \u0153uvre.\n",
  "title": "Exploitation d\u0027une vuln\u00e9rabilit\u00e9 dans la gestion des polices TrueType sur Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 2639658",
      "url": "http://technet.microsoft.com/fr-fr/security/advisory/2639658"
    }
  ]
}

GSD-2011-3402

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-3402

Aliases

CVE-2011-3402

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3402",
    "description": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\"",
    "id": "GSD-2011-3402"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3402"
      ],
      "details": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\"",
      "id": "GSD-2011-3402",
      "modified": "2023-12-13T01:19:10.221924Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2011-3402",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "49121",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49121"
          },
          {
            "name": "oval:org.mitre.oval:def:15645",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
          },
          {
            "name": "TA12-164A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
          },
          {
            "name": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files",
            "refsource": "MISC",
            "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
          },
          {
            "name": "1027039",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027039"
          },
          {
            "name": "49122",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49122"
          },
          {
            "name": "MS11-087",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
          },
          {
            "name": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf",
            "refsource": "MISC",
            "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
          },
          {
            "name": "TA11-347A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:13998",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
          },
          {
            "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf",
            "refsource": "MISC",
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
          },
          {
            "name": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two",
            "refsource": "MISC",
            "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
          },
          {
            "name": "http://technet.microsoft.com/security/advisory/2639658",
            "refsource": "CONFIRM",
            "url": "http://technet.microsoft.com/security/advisory/2639658"
          },
          {
            "name": "MS12-034",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
          },
          {
            "name": "MS12-039",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
          },
          {
            "name": "oval:org.mitre.oval:def:15290",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
          },
          {
            "name": "http://isc.sans.edu/diary/Duqu+Mitigation/11950",
            "refsource": "MISC",
            "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
          },
          {
            "name": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit",
            "refsource": "MISC",
            "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
          },
          {
            "name": "TA12-129A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
          },
          {
            "name": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-3402"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
            },
            {
              "name": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
            },
            {
              "name": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
            },
            {
              "name": "http://isc.sans.edu/diary/Duqu+Mitigation/11950",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
            },
            {
              "name": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
            },
            {
              "name": "http://technet.microsoft.com/security/advisory/2639658",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://technet.microsoft.com/security/advisory/2639658"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf",
              "refsource": "MISC",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
            },
            {
              "name": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
            },
            {
              "name": "49121",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/49121"
            },
            {
              "name": "49122",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/49122"
            },
            {
              "name": "1027039",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027039"
            },
            {
              "name": "TA11-347A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
            },
            {
              "name": "TA12-129A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
            },
            {
              "name": "TA12-164A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:15645",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
            },
            {
              "name": "oval:org.mitre.oval:def:15290",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
            },
            {
              "name": "oval:org.mitre.oval:def:13998",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
            },
            {
              "name": "MS12-039",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
            },
            {
              "name": "MS12-034",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
            },
            {
              "name": "MS11-087",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2011-11-04T21:55Z"
    }
  }
}

FKIE_CVE-2011-3402

Vulnerability from fkie_nvd - Published: 2011-11-04 21:55 - Updated: 2025-10-22 01:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
secure@microsoft.com	http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx
secure@microsoft.com	http://isc.sans.edu/diary/Duqu+Mitigation/11950
secure@microsoft.com	http://secunia.com/advisories/49121	Vendor Advisory
secure@microsoft.com	http://secunia.com/advisories/49122	Vendor Advisory
secure@microsoft.com	http://technet.microsoft.com/security/advisory/2639658	Vendor Advisory
secure@microsoft.com	http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
secure@microsoft.com	http://www.securitytracker.com/id?1027039
secure@microsoft.com	http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
secure@microsoft.com	http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-129A.html	US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-164A.html	US Government Resource
secure@microsoft.com	http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645
af854a3a-2127-422b-91ae-364da2661108	http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.edu/diary/Duqu+Mitigation/11950
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49121	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49122	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://technet.microsoft.com/security/advisory/2639658	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027039
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-129A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-164A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402

Impacted products

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "cisaActionDue": "2025-10-27",
  "cisaExploitAdd": "2025-10-06",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka \"TrueType Font Parsing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el motor de an\u00e1lisis de fuentes TrueType de Win32k en el kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Oro y SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de los datos de la fuente modificada en un documento de Word, como se explot\u00f3 \"in the wild\" en noviembre de 2011 por Duqu."
    }
  ],
  "id": "CVE-2011-3402",
  "lastModified": "2025-10-22T01:15:41.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2011-11-04T21:55:04.693",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49121"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49122"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://technet.microsoft.com/security/advisory/2639658"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1027039"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.edu/diary/Duqu+Mitigation/11950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://technet.microsoft.com/security/advisory/2639658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3402"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-684

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans la gestion des polices TrueType de Windows permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité présente dans le noyau de Windows permet d'exécuter du code arbitraire à distance et d'élever ses privilèges au niveau système. Elle est déclenchée lors de l'ouverture par l'utilisateur d'un document contenant une police de caractères TrueType spécialement conçue.

Cette vulnérabilité a été détaillée dans l'alerte du CERTA CERTA-2011-ALE-006.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions supportées de Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-087 du 13 décembre 2011	None	vendor-advisory
Avis de sécurité Microsoft 2639658 du 03 novembre 2011 :	-	other
Avis de sécurité Microsoft 2639658 du 03 novembre 2011 :	-	other
Alerte du CERTA CERTA-2011-ALE-006 du 04 novembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions support\u00e9es de  Microsoft Windows.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le noyau de Windows permet d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance et d\u0027\u00e9lever ses privil\u00e8ges au niveau syst\u00e8me.\nElle est d\u00e9clench\u00e9e lors de l\u0027ouverture par l\u0027utilisateur d\u0027un document\ncontenant une police de caract\u00e8res TrueType sp\u00e9cialement con\u00e7ue.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9taill\u00e9e dans l\u0027alerte du CERTA\nCERTA-2011-ALE-006.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 2639658 du 03 novembre 2011 :",
      "url": "http://technet.microsoft.com/en-us/security/advisory/2639658"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 2639658 du 03 novembre 2011 :",
      "url": "http://technet.microsoft.com/fr-fr/security/advisory/2639658"
    },
    {
      "title": "Alerte du CERTA CERTA-2011-ALE-006 du 04 novembre 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-006"
    }
  ],
  "reference": "CERTA-2011-AVI-684",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion des polices TrueType de Windows permet\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la gestion des polices TrueType sur Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-087 du 13 d\u00e9cembre 2011",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS11-087"
    }
  ]
}

CERTA-2012-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Dix vulnérabilités ont été corrigées dans Microsoft Office, Windows, .NET et Silverlight. Elles concernent :

deux failles dans la gestion des « TrueType Font » pouvant mener à une exécution de code arbitraire à distance ;
deux failles dans .NET, une affecte l'allocation de tampons, la deuxième les comparaisons des index. L'une peut causer une exécution de code arbitraire à distance et l'autre un déni de service ;
deux failles dans le composant GDI+, une affecte l'enregistrement du type dans les images EMF, la deuxième est un débordement de tampon dans le tas, les deux vulnérabilités peuvent mener à une exécution de code arbitraire à distance ;
une faille de type « double libération » dans Silverlight pouvant mener à une exécution de code arbitraire à distance ;
une faille dans la gestion des messages en mode noyau pouvant mener à une élévation de privilèges ;
une faille dans la configuration de clavier pouvant mener à une élévation de privilèges ;
une faille dans le calcul de la barre de navigation pouvant mener à une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office 2010 (sans Service Pack) ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 2 ;
Microsoft	Windows	Microsoft Windows 2008 Serveur R2.
Microsoft	Office	Microsoft Office 2010 Service Pack 1 ;
Microsoft	N/A	Microsoft Silverlight 5 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Windows	Microsoft Windows 2003 Service Pack 2 ;
Microsoft	Windows	Microsoft Windows XP SP3 ;
Microsoft	Windows	Microsoft Windows 7 ;
Microsoft	Windows	Microsoft Windows Professionnel x64 ;
Microsoft	Windows	Microsoft Windows 2008 Serveur Service Pack 2 ;
Microsoft	N/A	Microsoft Silverlight 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité MS12-034 du 08 mai 2012	None	vendor-advisory
Bulletin de sécurité Microsoft MS12-034 du 08 mai 2012 :	-	other
Bulletin de sécurité Microsoft MS12-034 du 08 mai 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (sans Service Pack) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2008 Serveur R2.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2003 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 7 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Professionnel x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2008 Serveur Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1848"
    },
    {
      "name": "CVE-2012-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0167"
    },
    {
      "name": "CVE-2012-0181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0181"
    },
    {
      "name": "CVE-2012-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0162"
    },
    {
      "name": "CVE-2012-0180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0180"
    },
    {
      "name": "CVE-2012-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0164"
    },
    {
      "name": "CVE-2012-0176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0176"
    },
    {
      "name": "CVE-2012-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0159"
    },
    {
      "name": "CVE-2012-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0165"
    },
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-034 du 08 mai 2012 :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS12-034"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-034 du 08 mai 2012 :",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-034"
    }
  ],
  "reference": "CERTA-2012-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Dix vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eMicrosoft\nOffice, Windows, .NET\u003c/span\u003e et \u003cspan class=\"textit\"\u003eSilverlight\u003c/span\u003e.\nElles concernent :\n\n-   deux failles dans la gestion des \u00ab TrueType Font \u00bb pouvant mener \u00e0\n    une ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   deux failles dans .NET, une affecte l\u0027allocation de tampons, la\n    deuxi\u00e8me les comparaisons des index. L\u0027une peut causer une ex\u00e9cution\n    de code arbitraire \u00e0 distance et l\u0027autre un d\u00e9ni de service ;\n-   deux failles dans le composant GDI+, une affecte l\u0027enregistrement du\n    type dans les images EMF, la deuxi\u00e8me est un d\u00e9bordement de tampon\n    dans le tas, les deux vuln\u00e9rabilit\u00e9s peuvent mener \u00e0 une ex\u00e9cution\n    de code arbitraire \u00e0 distance ;\n-   une faille de type \u00ab double lib\u00e9ration \u00bb dans Silverlight pouvant\n    mener \u00e0 une ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   une faille dans la gestion des messages en mode noyau pouvant mener\n    \u00e0 une \u00e9l\u00e9vation de privil\u00e8ges ;\n-   une faille dans la configuration de clavier pouvant mener \u00e0 une\n    \u00e9l\u00e9vation de privil\u00e8ges ;\n-   une faille dans le calcul de la barre de navigation pouvant mener \u00e0\n    une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Office, Windows, .NET et Silverlight",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS12-034 du 08 mai 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-323

Vulnerability from certfr_avis - Published: - Updated:

Trois vulnérabilités ont été corrigées dans Microsoft Lync. La vulnérabilité la plus importante permet d'exécuter du code arbitraire à distance si un utilisateur affiche du contenu partagé contenant des polices TrueType spécialement conçues.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Lync 2010 (32-bit et 64-bit) ;
Microsoft	N/A	Microsoft Lync 2010 Attendant (32-bit et 64-bit).
Microsoft	N/A	Microsoft Communicator 2007 R2 ;
Microsoft	N/A	Microsoft Lync 2010 Attendee ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS12-039 du 12 juin 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Lync 2010 (32-bit et 64-bit) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendant (32-bit et 64-bit).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Communicator 2007 R2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendee ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1849"
    },
    {
      "name": "CVE-2012-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0159"
    },
    {
      "name": "CVE-2012-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1858"
    },
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-323",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Lync\u003c/span\u003e. La vuln\u00e9rabilit\u00e9 la plus\nimportante permet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance si un\nutilisateur affiche du contenu partag\u00e9 contenant des polices \u003cspan\nclass=\"textit\"\u003eTrueType\u003c/span\u003e sp\u00e9cialement con\u00e7ues.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Lync",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-039 du 12 juin 2012",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-039"
    }
  ]
}

CERTA-2011-AVI-684

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans la gestion des polices TrueType de Windows permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Cette vulnérabilité a été détaillée dans l'alerte du CERTA CERTA-2011-ALE-006.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes les versions supportées de Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-087 du 13 décembre 2011	None	vendor-advisory
Avis de sécurité Microsoft 2639658 du 03 novembre 2011 :	-	other
Avis de sécurité Microsoft 2639658 du 03 novembre 2011 :	-	other
Alerte du CERTA CERTA-2011-ALE-006 du 04 novembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions support\u00e9es de  Microsoft Windows.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le noyau de Windows permet d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance et d\u0027\u00e9lever ses privil\u00e8ges au niveau syst\u00e8me.\nElle est d\u00e9clench\u00e9e lors de l\u0027ouverture par l\u0027utilisateur d\u0027un document\ncontenant une police de caract\u00e8res TrueType sp\u00e9cialement con\u00e7ue.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9taill\u00e9e dans l\u0027alerte du CERTA\nCERTA-2011-ALE-006.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 2639658 du 03 novembre 2011 :",
      "url": "http://technet.microsoft.com/en-us/security/advisory/2639658"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 2639658 du 03 novembre 2011 :",
      "url": "http://technet.microsoft.com/fr-fr/security/advisory/2639658"
    },
    {
      "title": "Alerte du CERTA CERTA-2011-ALE-006 du 04 novembre 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-006"
    }
  ],
  "reference": "CERTA-2011-AVI-684",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion des polices TrueType de Windows permet\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la gestion des polices TrueType sur Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-087 du 13 d\u00e9cembre 2011",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS11-087"
    }
  ]
}

CERTA-2012-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Dix vulnérabilités ont été corrigées dans Microsoft Office, Windows, .NET et Silverlight. Elles concernent :

deux failles dans la gestion des « TrueType Font » pouvant mener à une exécution de code arbitraire à distance ;
deux failles dans .NET, une affecte l'allocation de tampons, la deuxième les comparaisons des index. L'une peut causer une exécution de code arbitraire à distance et l'autre un déni de service ;
deux failles dans le composant GDI+, une affecte l'enregistrement du type dans les images EMF, la deuxième est un débordement de tampon dans le tas, les deux vulnérabilités peuvent mener à une exécution de code arbitraire à distance ;
une faille de type « double libération » dans Silverlight pouvant mener à une exécution de code arbitraire à distance ;
une faille dans la gestion des messages en mode noyau pouvant mener à une élévation de privilèges ;
une faille dans la configuration de clavier pouvant mener à une élévation de privilèges ;
une faille dans le calcul de la barre de navigation pouvant mener à une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office 2010 (sans Service Pack) ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 2 ;
Microsoft	Windows	Microsoft Windows 2008 Serveur R2.
Microsoft	Office	Microsoft Office 2010 Service Pack 1 ;
Microsoft	N/A	Microsoft Silverlight 5 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Windows	Microsoft Windows 2003 Service Pack 2 ;
Microsoft	Windows	Microsoft Windows XP SP3 ;
Microsoft	Windows	Microsoft Windows 7 ;
Microsoft	Windows	Microsoft Windows Professionnel x64 ;
Microsoft	Windows	Microsoft Windows 2008 Serveur Service Pack 2 ;
Microsoft	N/A	Microsoft Silverlight 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité MS12-034 du 08 mai 2012	None	vendor-advisory
Bulletin de sécurité Microsoft MS12-034 du 08 mai 2012 :	-	other
Bulletin de sécurité Microsoft MS12-034 du 08 mai 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 (sans Service Pack) ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2008 Serveur R2.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2003 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP SP3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 7 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Professionnel x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2008 Serveur Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Silverlight 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1848"
    },
    {
      "name": "CVE-2012-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0167"
    },
    {
      "name": "CVE-2012-0181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0181"
    },
    {
      "name": "CVE-2012-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0162"
    },
    {
      "name": "CVE-2012-0180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0180"
    },
    {
      "name": "CVE-2012-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0164"
    },
    {
      "name": "CVE-2012-0176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0176"
    },
    {
      "name": "CVE-2012-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0159"
    },
    {
      "name": "CVE-2012-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0165"
    },
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-034 du 08 mai 2012 :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS12-034"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-034 du 08 mai 2012 :",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-034"
    }
  ],
  "reference": "CERTA-2012-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Dix vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eMicrosoft\nOffice, Windows, .NET\u003c/span\u003e et \u003cspan class=\"textit\"\u003eSilverlight\u003c/span\u003e.\nElles concernent :\n\n-   deux failles dans la gestion des \u00ab TrueType Font \u00bb pouvant mener \u00e0\n    une ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   deux failles dans .NET, une affecte l\u0027allocation de tampons, la\n    deuxi\u00e8me les comparaisons des index. L\u0027une peut causer une ex\u00e9cution\n    de code arbitraire \u00e0 distance et l\u0027autre un d\u00e9ni de service ;\n-   deux failles dans le composant GDI+, une affecte l\u0027enregistrement du\n    type dans les images EMF, la deuxi\u00e8me est un d\u00e9bordement de tampon\n    dans le tas, les deux vuln\u00e9rabilit\u00e9s peuvent mener \u00e0 une ex\u00e9cution\n    de code arbitraire \u00e0 distance ;\n-   une faille de type \u00ab double lib\u00e9ration \u00bb dans Silverlight pouvant\n    mener \u00e0 une ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   une faille dans la gestion des messages en mode noyau pouvant mener\n    \u00e0 une \u00e9l\u00e9vation de privil\u00e8ges ;\n-   une faille dans la configuration de clavier pouvant mener \u00e0 une\n    \u00e9l\u00e9vation de privil\u00e8ges ;\n-   une faille dans le calcul de la barre de navigation pouvant mener \u00e0\n    une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Office, Windows, .NET et Silverlight",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS12-034 du 08 mai 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-323

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Lync 2010 (32-bit et 64-bit) ;
Microsoft	N/A	Microsoft Lync 2010 Attendant (32-bit et 64-bit).
Microsoft	N/A	Microsoft Communicator 2007 R2 ;
Microsoft	N/A	Microsoft Lync 2010 Attendee ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS12-039 du 12 juin 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Lync 2010 (32-bit et 64-bit) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendant (32-bit et 64-bit).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Communicator 2007 R2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2010 Attendee ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1849"
    },
    {
      "name": "CVE-2012-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0159"
    },
    {
      "name": "CVE-2012-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1858"
    },
    {
      "name": "CVE-2011-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-323",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Lync\u003c/span\u003e. La vuln\u00e9rabilit\u00e9 la plus\nimportante permet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance si un\nutilisateur affiche du contenu partag\u00e9 contenant des polices \u003cspan\nclass=\"textit\"\u003eTrueType\u003c/span\u003e sp\u00e9cialement con\u00e7ues.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Lync",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-039 du 12 juin 2012",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-039"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3402 (GCVE-0-2011-3402)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Description

Contournement provisoire

Solution

Description

Contournement provisoire

Solution

Description

Solution

Solution

Solution

Description

Solution

Solution

Solution

Tags

Sightings

Nomenclature