Home

CVE-2011-2004

Description

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka TrueType Font Parsing Vulnerability, a different vulnerability than CVE-2011-3402.

Risk Information

Base Score
5.5
MODERATE
Vector
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
47.708

Associated Vulnerability

VulnerabilityOS Platform
ms11-084: vulnerability in windows kernel-mode drivers could allow denial of service: november 8, 2011 for Windows 7 (KB2617657) x86 based systemsWindows
ms11-084: vulnerability in windows kernel-mode drivers could allow denial of service: november 8, 2011 for Windows 7 (KB2617657) x86 based systems for SP1Windows
ms11-084: vulnerability in windows kernel-mode drivers could allow denial of service: november 8, 2011 for Windows 7 for x64-based Systems (KB2617657)Windows
ms11-084: vulnerability in windows kernel-mode drivers could allow denial of service: november 8, 2011 for Windows 7 for x64-based Systems (KB2617657) for SP1Windows
ms11-084: vulnerability in windows kernel-mode drivers could allow denial of service: november 8, 2011 for Windows Server 2008 R2 x64 Edition (KB2617657)Windows
ms11-084: vulnerability in windows kernel-mode drivers could allow denial of service: november 8, 2011 for Windows Server 2008 R2 x64 Edition (KB2617657) for SP1Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-11079Security Update for Windows 7 (KB2617657)
PATCH-11080Security Update for Windows 7 (KB2617657)
PATCH-11081Security Update for Windows 7 for x64-based Systems (KB2617657)
PATCH-11082Security Update for Windows 7 for x64-based Systems (KB2617657)
PATCH-11083Security Update for Windows Server 2008 R2 x64 Edition (KB2617657)
PATCH-11084Security Update for Windows Server 2008 R2 x64 Edition (KB2617657)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234