Credit:
The information has been provided by Sebastien Renaud.
The original article can be found at: http://seclists.org/bugtraq/2011/Apr/156
Vulnerable Systems:
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font. Remote attackers could exploit it to execute arbitrary code on vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, and local attackers could exploit it to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.
Patch Availability:
Apply the MS11-032 security update.
http://www.microsoft.com/technet/security/bulletin/ms11-032.mspx
CVE Information:
CVE-2011-0034
Disclosure Timeline:
2011-03-02 - Vulnerability Discovered
2011-04-12 - MS11-032 security update available