|MS11-084||Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)||Windows 7||Medium||09-11-2011|
Brief overview of the risk:
The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment.
Detailed Information on the risk:
A denial of service vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly processes a specifically crafted TrueType font file. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and restart.
Further information on this exploit is available at : MS11-084
Affected SoftwareWindows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1***
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1