

Vulnerability protection

Win32k True Type Font Parsing Vulnerability


Report ID: MAPP-CVE20113402
Date Published: 09 November 2011
Date Revised: -

Criticality: -
Compromise Type: privilege-escalation
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

A vulnerability in the Win32k TrueType parsing engine could allow an attacker to execute arbitrary code in kernel mode.



Detailed Description

Microsoft has disclosed a vulnerability in the Win32k TrueType font parsing engine, a component of Microsoft Windows. The vulnerability, which exists when the Windows kernel-mode driver (win32k.sys) fails to properly handle TrueType font types, could be exploited to run arbitrary code in kernel mode.

Users are advised to apply a workaround to mitigate the impact of this vulnerability. Please refer to Microsoft Security Advisory (2639658) for complete instructions.

F-Secure detects files that take advantage of this vulnerability as Exploit.CVE-2011-3402.Gen, starting with Aquarius database version 2011-11-07_04, which was released on 7 November 2011. Please allow F-Secure products to block installation of files that take advantage of this vulnerability.



CVE Reference

CVE-2011-3402



Detected Exploit

Detection
Exploit.CVE-2011-3402.Gen

Database
Aquarius database version 2011-11-07_04

Release Date
7 November 2011



Solution

Workaround
Deny access to T2EMBED.DLL.  Please refer to Microsoft Security Advisory (2639658) for complete instructions.
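
One way to audit that the workaround is in place, as an added example that is not part of the original advisory or of Microsoft's instructions. It assumes the DLL sits in its default locations under %windir% and that "deny access" is implemented as a Deny entry for Everyone (SID S-1-1-0) in the file's ACL; the function name is hypothetical.

```powershell
# Added example: report whether a Deny entry for Everyone exists on T2EMBED.DLL.
# Assumptions (not from the advisory): default file locations under %windir%,
# and the workaround implemented as a Deny ACE for Everyone (SID S-1-1-0).
$targets = @(
    (Join-Path $env:windir 'System32\t2embed.dll'),
    (Join-Path $env:windir 'SysWOW64\t2embed.dll')   # exists on 64-bit Windows only
)

function Get-T2EmbedWorkaroundStatus {
    param([string]$Path)

    $result = New-Object PSObject -Property @{ Path = $Path; Status = ''; DeniedRights = '' }

    if (-not (Test-Path -Path $Path)) {
        $result.Status = 'FileNotPresent'
        return $result
    }
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # If Everyone is denied full control, a caller who is not the file owner
        # may be unable to read the ACL. That is consistent with the workaround
        # but does not prove it.
        $result.Status = 'AclUnreadable (re-run elevated as the file owner)'
        return $result
    }
    # Resolve identities to SIDs so the check also works on localized systems.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $deny = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0'
    })
    if ($deny.Count -gt 0) {
        $result.Status = 'DenyEveryonePresent'
        $result.DeniedRights = ($deny | ForEach-Object { $_.FileSystemRights }) -join '; '
    } else {
        $result.Status = 'NoDenyEntry'
    }
    return $result
}

$targets | ForEach-Object { Get-T2EmbedWorkaroundStatus -Path $_ } |
    Format-Table Path, Status, DeniedRights -AutoSize
```

On 64-bit Windows, run it from a 64-bit PowerShell session, because a 32-bit process has System32 redirected to SysWOW64 and would check the same file twice.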

Removal/Disinfection
Allow F-Secure Internet Security or F-Secure Anti-Virus to remove or disinfect malicious files.



Additional Info

This vulnerability has reportedly been exploited by the Duqu malware via a document attached to an e-mail.


