Oval Definition:oval:org.mitre.oval:def:15645
Revision Date:2015-08-10Version:79
Title:TrueType Font Parsing Vulnerability (CVE-2011-3402)
Description:Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-3402
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Silverlight 4
Microsoft Silverlight 5
Definition Synopsis
  • Vulnerable Windows Vista x86/x64 SP2, Server 2008 x86/x64 SP2 (KB2659262)
  • Windows Vista x86/x64 SP2, Server 2008 x86/x64 SP2
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • AND GDR or LDR Service branch
  • the version of Jntfiltr.dll is less than 6.0.6002.18579
  • OR LDR
  • the version of Jntfiltr.dll is greater than or equal 6.0.6002.22000
  • AND the version of Jntfiltr.dll is less than 6.0.6002.22789
  • OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x86/x64 (KB2660649)
  • Windows 7 x86/x64, Windows Server 2008 R2 x86/x64
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • AND GDR or LDR Service branch
  • the version of Jntfiltr.dll is less than 6.1.7600.16988
  • OR LDR
  • the version of Jntfiltr.dll is less than 6.1.7600.21179
  • AND the version of Jntfiltr.dll is greater than or equal to 6.1.7600.20000
  • OR Vulnerable Microsoft Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x86/x64 sp1/sp1 (KB2660649)
  • Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x86/x64 sp1/sp1
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • AND GDR or LDR Service branch
  • the version of Jntfiltr.dll is less than 6.1.7601.17803
  • OR LDR
  • the version of Jntfiltr.dll is less than 6.1.7601.21955
  • AND the version of Jntfiltr.dll is greater than or equal to 6.1.7601.21000
  • OR Windows XP x86 SP3, Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 (KB2659262)
  • Vulnerable Windows XP x86 SP3, Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2
  • Microsoft Windows XP (x86) SP3 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND the version of gdiplus.dll is less than 5.2.6002.22791
  • OR Vulnerable Windows Vista x86/x64 SP2, Server 2008 x86/x64/ia64 SP2 (KB2659262)
  • Windows Vista x86/x64 SP2, Server 2008 x86/x64/ia64 SP2
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND the version of gdiplus.dll is less than 6.0.6002.22795
  • OR Windows 7 x86/x64, Server 2008 r2 x64/ia64, Windows 7 x86/x64 SP1, Server 2008 r2 x64/ia64 SP1 (KB2659262)
  • Windows 7 x86/x64, Server 2008 r2 x64/ia64, Windows 7 x86/x64 SP1, Server 2008 r2 x64/ia64 SP1
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • OR Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND the version of gdiplus.dll is less than 6.1.7601.21977
  • OR Vulnerable Microsoft Windows XP (x86) SP3 (KB2676562)
  • Microsoft Windows XP (x86) SP3 is installed
  • AND the version of win32k.sys is less than 5.1.2600.6206
  • OR Vulnerable Microsoft Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 (KB2676562)
  • Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2
  • Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND the version of win32k.sys is less than 5.2.3790.4980
  • OR Vulnerable Microsoft Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64 (KB2676562)
  • Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND GDR or LDR Service branch
  • the version of win32k.sys is less than 6.0.6002.18607
  • OR LDR
  • the version of win32k.sys is less than 6.0.6002.22831
  • AND the version of win32k.sys is greater than or equal to 6.0.6002.22000
  • OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x86/x64/ia64 (KB2676562)
  • Windows 7 x86/x64, Windows Server 2008 R2 x86/x64/ia64
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND GDR or LDR Service branch
  • the version of win32k.sys is less than 6.1.7600.16988
  • OR LDR
  • the version of win32k.sys is less than 6.1.7600.21179
  • AND the version of win32k.sys is greater than or equal to 6.1.7600.20000
  • OR Vulnerable Microsoft Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x86/x64/ia64 sp1/sp1 (KB2676562)
  • Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x86/x64/ia64 sp1/sp1
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND GDR or LDR Service branch
  • the version of win32k.sys is less than 6.1.7601.17803
  • OR LDR
  • the version of win32k.sys is less than 6.1.7601.21955
  • AND the version of win32k.sys is greater than or equal to 6.1.7601.21000
  • OR Windows XP x86 SP3, Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 (KB2686509)
  • Vulnerable Windows XP x86 SP3, Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2
  • Microsoft Windows XP (x86) SP3 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND NOT KB2686509 is installed
  • Microsoft Silverlight 4 (KB2690729)
  • Microsoft Silverlight 4 is installed
  • AND the version of Silverlight is less than 4.1.10329.0
  • Microsoft Silverlight 5 (KB2636927)
  • Microsoft Silverlight 5 is installed
  • AND the version of Silverlight is less than 5.1.10411.0
  • OR Microsoft Office 2003 (KB2598253)
  • Microsoft Office 2003 is installed
  • AND GDIPlus.dll version is less than 11.0.8345.0
  • OR Microsoft Office 2007 (KB2596672/KB2596792)
  • Microsoft Office 2007 is installed
  • AND KB2596672/KB2596792
  • the version of Mspcore.dll is less than 12.0.6658.5001
  • OR the version of Ogl.dll is less than 12.0.6659.5000
  • OR Microsoft Office 2010 (KB2589337)
  • Microsoft Office 2010 is installed
  • AND the version of Ogl.dll is less than 14.0.6117.5001
    • BACK