Home / bulletins

MS11-084 - Moderate : Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) - Version: 1.0

Posted on 08 November 2011

Moderate

Severity Rating: Moderate
Revision Note: V1.0 (November 8, 2011): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Link

 

TOP