CVE-2011-2004

EPSS 54.2%
Published 08.11.2011 21:55:01
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 7 Version-

Microsoft ≫ Windows 7 Version- Updatesp1 Editionx64

Microsoft ≫ Windows 7 Version- Updatesp1 Editionx86

Microsoft ≫ Windows Server 2008 Versionr2 Editionitanium

Microsoft ≫ Windows Server 2008 Versionr2 Editionx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	54.2%	0.978

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.kb.cert.org/vuls/id/675073

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-084

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14133

https://nvd.nist.gov/vuln/detail/CVE-2011-2004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2004

EUVD