MS11-084: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
High Nessus Plugin ID 56737
SynopsisThe remote Windows host contains a component that is susceptible to a denial of service attack.
DescriptionThe remote Windows host contains a flaw in the Windows kernel such that fails to properly validate array indexes when loading TrueType font files, therefore making it vulnerable to a denial of service attack. An attacker can exploit this issue by placing a specially crafted TrueType font file on a network share or WebDAV location the victim is likely to visit.
SolutionMicrosoft has released a set of patches for Windows 7 and 2008 R2.