PT-2011-3543 · Microsoft · Windows 7+2

Will Dorman · Published 2011-11-08 · Updated 2020-09-28 · CVE-2011-2004

CVSS v2.0

7.1 High

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Server 2008 R2 and R2 SP1
Microsoft Windows 7 Gold and SP1

Description

A denial of service issue exists in the Microsoft Windows kernel, caused by improper processing of a specially crafted TrueType font file. This could allow remote attackers to cause the system to stop responding and restart.

Recommendations

For Microsoft Windows Server 2008 R2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 7 Gold and SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of TrueType font files from untrusted sources to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2011-2004

Affected Products

Windows 7
Windows Server 2008 R2
Windows