Executive Summary
Summary | |
---|---|
Title | Windows font library file buffer overflow |
Information | |||
---|---|---|---|
Name | VU#619281 | First vendor Publication | 2011-10-11 |
Vendor | VU-CERT | Last vendor Modification | 2011-10-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#619281
Windows font library file buffer overflow
Overview
Microsoft Windows contains a buffer overflow vulnerability in the handling of font library files, which may allow a remote, unauthenticated attacker to execute arbitrary code with kernel privileges.
I. Description
Microsoft Windows supports a variety of font formats. One of these is the font library file format, which has the file extension .FON. Rendering of font library files takes place in the Windows GDI (Graphics Device Interface), which is part of the Windows kernel-mode driver win32k.sys. Microsoft Windows contains a buffer overflow in the handling of font library files.
II. Impact
By convincing a user to open a specially-crafted font library file, a remote, unauthenticated attacker could execute arbitrary code with kernel privileges. A local user could also gain elevated privileges.
III. Solution
Apply an update
This issue is addressed in Microsoft Security Bulletin MS11-077.
References
http://technet.microsoft.com/en-us/security/bulletin/ms11-077
Credit
This issue was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.
Original Source
Url : http://www.kb.cert.org/vuls/id/619281 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13103 | |||
Oval ID: | oval:org.mitre.oval:def:13103 | ||
Title: | Font Library File Buffer Overrun Vulnerability | ||
Description: | Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2003 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2011-10-13 | MS11-077 .fon Kernel-Mode Buffer Overrun PoC |
OpenVAS Exploits
Date | Description |
---|---|
2011-10-12 | Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053) File : nvt/secpod_ms11-077.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76220 | Microsoft Windows win32k.sys Driver .fon Font File Handling Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2015-06-23 | Microsoft Windows Font Library file buffer overflow attempt RuleID : 34566 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Font Library file buffer overflow attempt RuleID : 20572 - Revision : 12 - Type : FILE-OTHER |
2014-01-10 | FON font file download request RuleID : 20269 - Revision : 20 - Type : FILE-IDENTIFY |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-11 | Name : The remote Windows kernel is affected by multiple vulnerabilities. File : smb_nt_ms11-077.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-06-23 21:26:39 | |
2014-02-17 12:08:02 | |
2014-01-19 21:31:04 | |
2013-05-11 00:57:15 | |