CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
Percentile
98.4%
A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to cause a denial-of-service condition in Microsoft Windows.
The Microsoft Windows kernel includes a driver (win32k.sys) that handles a variety of graphics processing tasks, including the processing of TrueType fonts. A vulnerability exists in the way this driver validates array indexes. This can cause Windows to crash with a “blue screen.”
By convincing a user to open a specially-crafted TrueType font file, a remote, unauthenticated attacker could cause a denial-of-service condition.
Apply an update
This issue is addressed in Microsoft Security Bulletin MS11-084.
675073
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: June 13, 2011 Updated: November 08, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Temporal | 6.2 | E:ND/RL:OF/RC:C |
Environmental | 6.2 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
<http://technet.microsoft.com/en-us/security/bulletin/ms11-084>
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
CVE IDs: | CVE-2011-2004 |
---|---|
Severity Metric: | 2.92 Date Public: |