Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2011-3402

Disclosure Date: November 04, 2011
CVE-2011-3402
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka “TrueType Font Parsing Vulnerability.”

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
post/windows/gather/forensics/duqu_check
Reporter
Unknown

Vendors

  • microsoft

Products

  • windows 7 -,
  • windows server 2003,
  • windows server 2008,
  • windows server 2008 -,
  • windows vista,
  • windows xp

References

Canonical
CVE-2011-3402 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402)
Advisory
SECUNIA-49121 (http://secunia.com/advisories/49121)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645
TA12-164A (http://www.us-cert.gov/cas/techalerts/TA12-164A.html)
SECTRACK-1027039 (http://www.securitytracker.com/id?1027039)
SECUNIA-49122 (http://secunia.com/advisories/49122)
MS11-087 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087)
TA11-347A (http://www.us-cert.gov/cas/techalerts/TA11-347A.html)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998
http://technet.microsoft.com/security/advisory/2639658
MS12-034 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034)
MS12-039 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290
TA12-129A (http://www.us-cert.gov/cas/techalerts/TA12-129A.html)
http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx
Miscellaneous
http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf
http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
http://isc.sans.edu/diary/Duqu+Mitigation/11950
http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis