MS11-041 MS11-041 - Critical : Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694) - Version: 1.0
Version2011-06-14
Severity Rating: Critical
Revision Note: V1.0 (June 14, 2011): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
Max CVSS
9.3
EPSS Score
27.77%
Published
2011-06-16
Updated
2023-12-07