CVE-2017-11832

Name of the Vulnerable Software and Affected Versions Windows 7 SP1 Windows Server 2008 SP2 Windows Server 2008 R2 SP1 Windows Server 2012

Description The issue concerns the Microsoft Windows embedded OpenType (EOT) font engine, which improperly handles specially crafted embedded fonts. This can allow an attacker to potentially read data that was not intended to be disclosed. The vulnerability enables attackers to obtain sensitive information and affect the system.

Recommendations For Windows 7 SP1, update the EOT font engine to a version that properly handles embedded fonts. For Windows Server 2008 SP2, apply the necessary patch to fix the EOT font engine parsing issue. For Windows Server 2008 R2 SP1, update the system to include the corrected EOT font engine. For Windows Server 2012, ensure the EOT font engine is updated to prevent the disclosure of sensitive information.