Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation

News

Extraordinary Robot
Robot
Joined
Jun 27, 2006
Location
Chicago, IL
Revision Note: V1.0 (November 3, 2011): Advisory published.
Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

More...
 
Back
Top Bottom