Home > Threat descriptions >

Exploit:W32/CVE-2011-3402.A

Classification

Category: Malware

Type: Exploit

Aliases: Exploit:W32/CVE-2011-3402.A, Exploit:W32/CVE-2011-3402.A

Summary


Exploit:W32/CVE-2011-3402.A is a Generic Detection that identifies malicious files which exploit a known vulnerability in various Windows operating system versions.

Generic detections are broad patterns of code or behavior that are used by security software to identify programs or files. If you suspect the detected file was incorrectly identified, go to: Removal: Resolve a False Positive.

Removal


Automatic action

Once detected, the F-Secure security product will automatically handle a harmful program or file by either deleting or renaming it.

Prevention

The malicious files identified by this detection exploit a known vulnerability in specific versions of the Windows opearting system. To prevent successful exploitation, please ensure you install the latest updates available for Windows. A patch for this vulnerability was released by Microsoft in December 2011 and is available at:

Suspect A False Positive?

If you suspect a file has been wrongly identified by this detection (that is, it is a False Positive), you may elect to submit a sample of the file to our Labs for further analysis via:

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Exploit:W32/CVE-2011-3402.A is a generic detection that identifies malicious font files which can be used to exploit a known vulnerability in the TrueType font parsing engine on specific versions of the Windows operating system.

If successfully used, this exploit can allow execution of malicious code contained in specially crafted font data on a web page or Word document.

This exploit is known to be used by malware such as the Cool exploit kit, which is associated with distributing Reveton ransomware, and the Duqu backdoor program.