This application requires Javascript for optimal performance.

MS.Windows.Component.TrueType.Font.Code.Execution

Release Date Nov 08, 2011
Severity critical
Impact System Compromise: Remote attackers can gain control of vulnerable systems.
Description This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Microsoft Windows component. The vulnerability results from insecure code in the kernel responsible for parsing Font. It can be exploited via a crafted file (ttf), leading to code execution.
Affected Products Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Recommended Actions Currently we are not aware of any vendor supplied patch for this issue.
Coverage IPS VCM
Common Vulnerabilities and Exposures (CVE) CVE-2011-3402
Reference/s http://technet.microsoft.com/en-us/security/advisory/2639658 http://technet.microsoft.com/en-us/security/bulletin/MS11-087.mspx (MS-ID)

Reference: VID-29997

Current Threat Level

Vulnerabilities

Virus/Spyware

Spam

PGP Keys

Contact Form

Copyright © 2012 Fortinet Inc. All Rights Reserved