9.3
CVE-2011-0033
- EPSS 20.73%
- Veröffentlicht 10.02.2011 16:00:13
- Zuletzt bearbeitet 16.06.2026 23:26:39
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Server 2008 Editionitanium
Microsoft ≫ Windows Server 2008 Editionx32
Microsoft ≫ Windows Server 2008 Editionx64
Microsoft ≫ Windows Server 2008 Updater2 Editionitanium
Microsoft ≫ Windows Server 2008 Updater2 Editionx64
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx32
Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionitanium
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Vista Updatesp2
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows Xp Version- Updatesp2 Editionx64
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.73% | 0.972 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://osvdb.org/70821
http://secunia.com/advisories/43252
http://support.avaya.com/css/P8/documents/100127239
http://www.securityfocus.com/bid/46106
http://www.securitytracker.com/id?1025034
http://www.vupen.com/english/advisories/2011/0320
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-007
https://exchange.xforce.ibmcloud.com/vulnerabilities/64906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11593