| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability note CVE-2011-3402
Windows: code execution via Win32k TrueType
Synthesis of the vulnerability
| An attacker can invite the victim to open a document containing a malicious font, generating an error in the Windows kernel, in order to execute code. |
Severity: 3/4.
Creation date: 02/11/2011.
Revision date: 04/11/2011.
|
Impacted products
Description of the vulnerability
The T2EMBED.DLL library manages EOT (Embedded OpenType, based on TrueType) fonts, which are included in a web page, or in an Office document. The Win32k.sys kernel driver is called to display these characters.
An attacker can create a document (Word for example) containing a malicious TrueType font. When this document is opened, T2EMBED.DLL is called, and generates an error in T2EMBED.DLL. Technical details are unknown.
An attacker can therefore invite the victim to open a document containing a malicious font, generating an error in the Windows kernel, in order to execute code. A malicious web page can also be used as an attack vector.
This vulnerability is used by the Duqu malware (VIGILANCE-ACTU-3146). |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Windows: code execution via Win32k TrueType.
Keywords: Duqu EOT Embedded Office OpenType T2EMBED TrueType Win32k Windows Word code execution.
Identifiers: 2639417, 2639658, BID-50462, CVE-2011-3402, MS11-087, VIGILANCE-VUL-11119, VU#316553.
Pointed by: VIGILANCE-VUL-11599.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
Vigil@nce provides a computer vulnerability announce. The technology watch team tracks security threats targeting the computer system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities.
|
