9.3

CVE-2011-0033

The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2003 Server Updatesp2 Editionitanium
MicrosoftWindows 7 Version-
MicrosoftWindows Server 2008 Editionitanium
MicrosoftWindows Server 2008 Updater2 Editionitanium
MicrosoftWindows Server 2008 Updater2 Editionx64
MicrosoftWindows Server 2008 Updatesp2 Editionx32
MicrosoftWindows Server 2008 Updatesp2 Editionx64
MicrosoftWindows Server 2008 Version- Updatesp2 Editionitanium
MicrosoftWindows Vista Updatesp1
MicrosoftWindows Vista Updatesp2
MicrosoftWindows Vista Version- Updatesp1
MicrosoftWindows Xp Updatesp3
MicrosoftWindows Xp Version- Updatesp2 Editionx64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.73% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/70821
http://secunia.com/advisories/43252
Vendor Advisory
http://support.avaya.com/css/P8/documents/100127239
http://www.securityfocus.com/bid/46106
http://www.securitytracker.com/id?1025034
http://www.vupen.com/english/advisories/2011/0320
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-007
https://exchange.xforce.ibmcloud.com/vulnerabilities/64906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11593