{"vuid":"VU#675073","idnumber":"675073","name":"Microsoft Windows TrueType font array indexing vulnerability","keywords":["FOE","ttf"],"overview":"A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to cause a denial-of-service condition in Microsoft Windows.","clean_desc":"The Microsoft Windows kernel includes a driver (win32k.sys) that handles a variety of graphics processing tasks, including the processing of TrueType fonts. A vulnerability exists in the way this driver validates array indexes. This can cause Windows to crash with a \"blue screen.\"","impact":"By convincing a user to open a specially-crafted TrueType font file, a remote, unauthenticated attacker could cause a denial-of-service condition.","resolution":"Apply an update\nThis issue is addressed in Microsoft Security Bulletin MS11-084.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Will Dormann of the CERT/CC.","author":"This document was written by Will Dormann.","public":["http://technet.microsoft.com/en-us/security/bulletin/ms11-084"],"cveids":["CVE-2011-2004"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-06-13T17:49:12Z","publicdate":"2011-11-08T00:00:00Z","datefirstpublished":"2011-11-08T18:59:43Z","dateupdated":"2012-03-28T15:04:28Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"13","cam_population":"19","cam_impact":"3","cam_easeofexploitation":"10","cam_attackeraccessrequired":"13","cam_scorecurrent":"2.9176875","cam_scorecurrentwidelyknown":"4.5849375","cam_scorecurrentwidelyknownexploited":"7.3636875","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.1","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","cvss_temporalscore":"6.2","cvss_environmentalscore":"6.2","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":2.9176875,"vulnote":null}