CVE-2011-3402: CVE-2011-3402

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2011-3402

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Windows 任意代码执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。 Microsoft Windows多个版本内核的Win32k TrueType字体解析引擎中存在未明漏洞。远程攻击者可借助Word文件中特制字体数据执行任意代码。这些版本包括：Microsoft Windows XP SP2和SP3版本，Windows Server 2003 SP2版本，Windows Vista SP2版本，Windows Server 2008 SP2，R2以及R2 SP1版本和Window

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2011-3402

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2011-3402

Please Login to view more intelligence information

http://isc.sans.edu/diary/Duqu+Mitigation/11950x_refsource_MISC
http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Twox_refsource_MISC
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdfx_refsource_MISC
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdfx_refsource_MISC
http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspxx_refsource_CONFIRM
http://technet.microsoft.com/security/advisory/2639658x_refsource_CONFIRM
http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-filesx_refsource_MISC
http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploitx_refsource_MISC
http://secunia.com/advisories/49122third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/49121third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1027039vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA12-129A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA11-347A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA12-164A.htmlthird-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2011-3402

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2011-3402

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2011-3402

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2011-3402

III. Intelligence Information for CVE-2011-3402

New Vulnerabilities

V. Comments for CVE-2011-3402

Leave a comment