CVE-2011-1873

Name of the Vulnerable Software and Affected Versions Windows XP SP2 Windows Server 2003 SP2 Windows Vista SP1 and SP2 Windows Server 2008 Gold, SP2, R2, and R2 SP1 Windows 7 Gold and SP1 on 64-bit platforms

Description A remote code execution issue exists due to improper parsing of specially crafted OpenType fonts on 64-bit and Itanium-based systems. This allows remote attackers to execute arbitrary code via a crafted font file. An attacker who successfully exploits this issue could run arbitrary code in kernel mode, enabling them to install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations For Windows XP SP2, update to a newer version to mitigate the risk. For Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Windows Vista SP1 and SP2, update to a newer version to mitigate the risk. For Windows Server 2008 Gold, SP2, R2, and R2 SP1, update to a newer version to mitigate the risk. For Windows 7 Gold and SP1 on 64-bit platforms, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of OpenType fonts until a patch is available.