Back to search
CVE-2011-3402
Published: Nov 4, 2011
Modified: Oct 22, 2025
PUBLISHED
Description
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
49121
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:15645
vdb-entry
signature
x_refsource_OVAL
TA12-164A
third-party-advisory
x_refsource_CERT
1027039
vdb-entry
x_refsource_SECTRACK
49122
third-party-advisory
x_refsource_SECUNIA
MS11-087
vendor-advisory
x_refsource_MS
TA11-347A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:13998
vdb-entry
signature
x_refsource_OVAL
http://technet.microsoft.com/security/advisory/2639658
x_refsource_CONFIRM
MS12-034
vendor-advisory
x_refsource_MS
MS12-039
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:15290
vdb-entry
signature
x_refsource_OVAL
http://isc.sans.edu/diary/Duqu+Mitigation/11950
x_refsource_MISC
TA12-129A
third-party-advisory
x_refsource_CERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now