CVE-2011-0033

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 and SP2 Microsoft Windows Server 2008 versions Gold, SP2, and R2 Microsoft Windows 7

Description The issue arises from the improper validation of parameter values in OpenType fonts by the OpenType Compact Font Format (CFF) driver. This allows remote attackers to execute arbitrary code via a crafted font. A remote code execution vulnerability exists in the way that the Windows OpenType Compact Font Format (CFF) driver improperly parses specially crafted OpenType fonts, which could allow an attacker to run arbitrary code in kernel mode.

Recommendations For Microsoft Windows XP versions SP2 and SP3, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2003 version SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Vista versions SP1 and SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 versions Gold, SP2, and R2, update to a newer version that contains a fix for this issue. For Microsoft Windows 7, update to a newer version that contains a fix for this issue.