Exploit:W32/CVE-2011-3402.A, Exploit:W32/CVE-2011-3402.A


Exploit:W32/CVE-2011-3402.A is a Generic Detection that identifies malicious files which exploit a known vulnerability in various Windows operating system versions.

Security programs use generic detections that look for broad patterns of code or behavior to identify similar programs or files. If you suspect the file was incorrectly detected, go to: Removal: Resolving a False Positive.


Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.


The malicious files identified by this detection exploit a known vulnerability in specific versions of the Windows opearting system. To prevent successful exploitation, please ensure you install the latest updates available for Windows. A patch for this vulnerability was released by Microsoft in December 2011 and is available at:

Suspect A False Positive?

If you suspect a file has been wrongly identified by this detection (that is, it is a False Positive), you may elect to submit a sample of the file to our Labs for further analysis via:

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Exploit:W32/CVE-2011-3402.A is a generic detection that identifies malicious font files which can be used to exploit a known vulnerability in the TrueType font parsing engine on specific versions of the Windows operating system.

If successfully used, this exploit can allow execution of malicious code contained in specially crafted font data on a web page or Word document.

This exploit is known to be used by malware such as the Cool exploit kit, which is associated with distributing Reveton ransomware, and the Duqu backdoor program.

Date Created: -

Date Last Modified: -