CVE-2011-3402
Description
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka TrueType Font Parsing Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
89.217
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows XP (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Server 2003 (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Vista (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Server 2008 (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows 7 (KB2639417) x86 based systems | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows 7 (KB2639417) x86 based systems for SP1 | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows XP x64 Edition (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Server 2003 x64 Edition (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Vista for x64-based Systems (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Server 2008 x64 Edition (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows 7 for x64-based Systems (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows 7 for x64-based Systems (KB2639417) for SP1 | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Server 2008 R2 x64 Edition (KB2639417) | Windows |
| ms11-087: vulnerability in windows kernel-mode drivers could allow remote code execution: december 13, 2011 for Windows Server 2008 R2 x64 Edition (KB2639417) for SP1 | Windows |
| Security Update for Windows XP (KB2660649) | Windows |
| Security Update for Windows Vista (KB2660649) | Windows |
| Security Update for Windows Server 2008 (KB2660649) | Windows |
| Security Update for Windows 7 (KB2660649) x86 based systems | Windows |
| Security Update for Windows 7 (KB2660649) x86 based systems for SP1 | Windows |
| Security Update for Windows Vista for x64-based Systems (KB2660649) | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB2660649) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2660649) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2660649) for SP1 | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2660649) | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2660649) for SP1 | Windows |
| Security Update for Windows XP (KB2659262) | Windows |
| Security Update for Windows Server 2003 (KB2659262) | Windows |
| Security Update for Windows Vista (KB2659262) | Windows |
| Security Update for Windows Server 2008 (KB2659262) | Windows |
| Security Update for Windows 7 (KB2659262) x86 based systems | Windows |
| Security Update for Windows 7 (KB2659262) x86 based systems for SP1 | Windows |
| Security Update for Windows XP x64 Edition (KB2659262) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB2659262) | Windows |
| Security Update for Windows Vista for x64-based Systems (KB2659262) | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB2659262) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2659262) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2659262) for SP1 | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2659262) | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2659262) | Windows |
| Security Update for Windows XP (KB2676562) | Windows |
| Security Update for Windows Server 2003 (KB2676562) | Windows |
| Security Update for Windows Vista (KB2676562) | Windows |
| Security Update for Windows Server 2008 (KB2676562) | Windows |
| Security Update for Windows 7 (KB2676562) x86 based systems | Windows |
| Security Update for Windows 7 (KB2676562) x86 based systems for SP1 | Windows |
| Security Update for Windows XP x64 Edition (KB2676562) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB2676562) | Windows |
| Security Update for Windows Vista for x64-based Systems (KB2676562) | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB2676562) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2676562) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2676562) for SP1 | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2676562) | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2676562) for SP2 | Windows |
| Security Update for Windows XP (KB2686509) | Windows |
| Security Update for Windows Server 2003 (KB2686509) | Windows |
| Security Update for Windows XP x64 Edition (KB2686509) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB2686509) | Windows |
| Security Update for Windows Vista (KB2658846) | Windows |
| Security Update for Windows Server 2008 (KB2658846) | Windows |
| Security Update for Windows 7 (KB2658846) x86 based systems | Windows |
| Security Update for Windows 7 (KB2658846) x86 based systems for SP1 | Windows |
| Security Update for Windows Vista for x64-based Systems (KB2658846) | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB2658846) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2658846) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2658846) for SP1 | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2658846) | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2658846) | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2656407) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2656407) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2656409) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 (KB2656409) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 (KB2656410) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2656411) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 (KB2656410) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2656411) x64 bases systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 (KB2656405) x86 based systems | Windows |
| Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 (KB2656405) x64 bases systems | Windows |
| Security Update for Microsoft Office 2007 suites (KB2596672) | Windows |
| Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition | Windows |
| Security Update for Microsoft Office 2010 (KB2589337) 64-Bit Edition | Windows |
| Security Update for Microsoft Silverlight (KB2636927) | Windows |
| Security Update for Microsoft Lync 2010 (32 -bit) (KB2693282) | Windows |
| Security Update for Microsoft Lync 2010 (64-bit) (KB2693282) | Windows |
| Security Update for Microsoft Lync 2010 Attendant (KB2702444) | Windows |
| Security Update for Microsoft Lync 2010 Attendant (KB2702444) x64 bases systems | Windows |
| Security Update for Microsoft Lync 2010 Attendee (admin level install) (KB2696031) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-11122 | Security Update for Windows Vista (KB2639417) |
| PATCH-11123 | Security Update for Windows Server 2008 (KB2639417) |
| PATCH-11124 | Security Update for Windows 7 (KB2639417) |
| PATCH-11125 | Security Update for Windows 7 (KB2639417) |
| PATCH-11128 | Security Update for Windows Vista for x64-based Systems (KB2639417) |
| PATCH-11129 | Security Update for Windows Server 2008 x64 Edition (KB2639417) |
| PATCH-11130 | Security Update for Windows 7 for x64-based Systems (KB2639417) |
| PATCH-11131 | Security Update for Windows 7 for x64-based Systems (KB2639417) |
| PATCH-11132 | Security Update for Windows Server 2008 R2 x64 Edition (KB2639417) |
| PATCH-11133 | Security Update for Windows Server 2008 R2 x64 Edition (KB2639417) |
| PATCH-11810 | Security Update for Windows Vista (KB2660649) |
| PATCH-11811 | Security Update for Windows Server 2008 (KB2660649) |
| PATCH-11813 | Security Update for Windows 7 (KB2660649) |
| PATCH-11814 | Security Update for Windows Vista for x64-based Systems (KB2660649) |
| PATCH-11815 | Security Update for Windows Server 2008 x64 Edition (KB2660649) |
| PATCH-11817 | Security Update for Windows 7 for x64-based Systems (KB2660649) |
| PATCH-11819 | Security Update for Windows Server 2008 R2 x64 Edition (KB2660649) |
| PATCH-11824 | Security Update for Windows 7 (KB2659262) |
| PATCH-11825 | Security Update for Windows 7 (KB2659262) |
| PATCH-11826 | Security Update for Windows XP x64 Edition (KB2659262) |
| PATCH-11830 | Security Update for Windows 7 for x64-based Systems (KB2659262) |
| PATCH-11831 | Security Update for Windows 7 for x64-based Systems (KB2659262) |
| PATCH-11832 | Security Update for Windows Server 2008 R2 x64 Edition (KB2659262) |
| PATCH-11833 | Security Update for Windows Server 2008 R2 x64 Edition (KB2659262) |
| PATCH-11836 | Security Update for Windows Vista (KB2676562) |
| PATCH-11837 | Security Update for Windows Server 2008 (KB2676562) |
| PATCH-11838 | Security Update for Windows 7 (KB2676562) |
| PATCH-11839 | Security Update for Windows 7 (KB2676562) |
| PATCH-11842 | Security Update for Windows Vista for x64-based Systems (KB2676562) |
| PATCH-11843 | Security Update for Windows Server 2008 x64 Edition (KB2676562) |
| PATCH-11844 | Security Update for Windows 7 for x64-based Systems (KB2676562) |
| PATCH-11845 | Security Update for Windows 7 for x64-based Systems (KB2676562) |
| PATCH-11846 | Security Update for Windows Server 2008 R2 x64 Edition (KB2676562) |
| PATCH-11847 | Security Update for Windows Server 2008 R2 x64 Edition (KB2676562) |
| PATCH-11852 | Security Update for Windows Vista (KB2658846) |
| PATCH-11853 | Security Update for Windows Server 2008 (KB2658846) |
| PATCH-11855 | Security Update for Windows 7 (KB2658846) |
| PATCH-11856 | Security Update for Windows Vista for x64-based Systems (KB2658846) |
| PATCH-11857 | Security Update for Windows Server 2008 x64 Edition (KB2658846) |
| PATCH-11859 | Security Update for Windows 7 for x64-based Systems (KB2658846) |
| PATCH-11861 | Security Update for Windows Server 2008 R2 x64 Edition (KB2658846) |
| PATCH-11862 | Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2656407) |
| PATCH-11863 | Security Update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2003 and Windows XP (KB2656407) |
| PATCH-11866 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 (KB2656410) |
| PATCH-11867 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2656411) |
| PATCH-11868 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 (KB2656410) |
| PATCH-11869 | Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB2656411) |
| PATCH-11870 | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 (KB2656405) |
| PATCH-11871 | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 (KB2656405) |
| PATCH-11873 | Security Update for Microsoft Office 2007 suites (KB2596672) |
| PATCH-11875 | Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition |
| PATCH-11876 | Security Update for Microsoft Office 2010 (KB2589337) 64-Bit Edition |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234