CVE-2011-3402

Name of the Vulnerable Software and Affected Versions Windows XP SP2 and SP3 Windows Server 2003 SP2 Windows Vista SP2 Windows Server 2008 SP2, R2, and R2 SP1 Windows 7 Gold and SP1

Description The issue is related to errors in processing objects in memory in the TrueType font parsing engine in win32k.sys. Exploitation of this issue may allow a remote attacker to execute arbitrary code. This has been exploited in the wild, for example, by Duqu in November 2011. The vulnerability could be triggered by opening a specially crafted TrueType font file, potentially allowing an attacker to take complete control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Windows XP SP2 and SP3, consider applying security updates or patches to fix the vulnerability. For Windows Server 2003 SP2, apply the appropriate patch to resolve the issue. For Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1, update to a version that includes the fix for the TrueType font parsing vulnerability. As a temporary workaround, consider restricting the use of TrueType font files from untrusted sources until a patch is applied.