Overview
A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to cause a denial-of-service condition in Microsoft Windows.
Description
The Microsoft Windows kernel includes a driver (win32k.sys) that handles a variety of graphics processing tasks, including the processing of TrueType fonts. A vulnerability exists in the way this driver validates array indexes. This can cause Windows to crash with a "blue screen." |
Impact
By convincing a user to open a specially-crafted TrueType font file, a remote, unauthenticated attacker could cause a denial-of-service condition. |
Solution
Apply an update This issue is addressed in Microsoft Security Bulletin MS11-084. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Temporal | 6.2 | E:ND/RL:OF/RC:C |
| Environmental | 6.2 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2011-2004 |
| Severity Metric: | 2.92 |
| Date Public: | 2011-11-08 |
| Date First Published: | 2011-11-08 |
| Date Last Updated: | 2012-03-28 15:04 UTC |
| Document Revision: | 12 |