CVE-2011-3402

Published: Nov 4, 2011Modified: Apr 22, 2026CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

Affected (9)

Products: Microsoft: Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows Xp

5 products

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (41)

http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files

Source: secure@microsoft.com

Broken Link

http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx

Source: secure@microsoft.com

Vendor Advisory

http://isc.sans.edu/diary/Duqu+Mitigation/11950

Source: secure@microsoft.com

Third Party Advisory

http://secunia.com/advisories/49121

Source: secure@microsoft.com

Vendor Advisory

http://secunia.com/advisories/49122

Source: secure@microsoft.com

Vendor Advisory

http://technet.microsoft.com/security/advisory/2639658

Source: secure@microsoft.com

Vendor Advisory

http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two

Source: secure@microsoft.com

Not Applicable

http://www.securitytracker.com/id?1027039

Source: secure@microsoft.com

Broken Link

http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit

Source: secure@microsoft.com

Not Applicable

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

Source: secure@microsoft.com

Not Applicable

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

Source: secure@microsoft.com

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA12-129A.html

Source: secure@microsoft.com

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA12-164A.html

Source: secure@microsoft.com

US Government Resource

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039

Source: secure@microsoft.com

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998

Source: secure@microsoft.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290

Source: secure@microsoft.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645

Source: secure@microsoft.com

Broken Link

http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files