MS KB2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (DEPRECATED)

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a code execution vulnerability in its
font parsing engine.

Description :

The remote host has an unspecified code execution vulnerability in
the Win32k TrueType font parsing engine. Specially crafted TrueType
fonts are not properly handled, which could allow arbitrary code
execution in kernel mode. A remote attacker could exploit this
vulnerability by tricking a user into viewing a specially crafted
TrueType font (e.g., via web or email).

This vulnerability is reportedly exploited by the Duqu malware and is
being exploited in the wild.

Note that this plugin was deprecated on December 13, 2011, when
Microsoft published MS11-087.

See also :

http://www.crysys.hu/
http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet
http://www.nessus.org/u?70696c53
http://technet.microsoft.com/en-us/security/advisory/2639658
http://support.microsoft.com/kb/2639658

Solution :

Apply the workaround referenced in Microsoft Security Advisory
(2639658). This workaround may cause some fonts to display
improperly. Refer to the advisory for more information.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.0
(CVSS2#E:F/RL:TF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 56711

Bugtraq ID: 50462

CVE ID: CVE-2011-3402
