Korean

<< Back VID 26576 Severity 40 Port 139,445 Protocol TCP Class SMB Detailed Description The hotfix (MS11-041, 2525694) for 'Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution' has not been applied. This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message. The security update addresses the vulnerability by correcting the way that the Windows kernel-mode driver validates pointers while parsing OpenType fonts. * Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: http://www.microsoft.com/technet/security/bulletin/ms11-041.mspx * Platforms Affected: Windows XP x64 SP32 Windows Server 2003 x64 SP2 Windows Server 2003 SP2 for Itanium Windows Vista x64 SP1 and SP2 Windows Server 2008 x64 and SP2 Windows 7 x64 and SP1 Windows Server 2008 R2 x64 and SP1 Windows Server 2008 R2 for Itanium and SP1 Recommendation Apply the appropriate patch (2525694)for your system, as listed in Microsoft Security Bulletin MS11-034 at http://www.microsoft.com/technet/security/bulletin/ms11-041.mspx -- OR -- Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. Related URL CVE-2011-1873 (CVE) Related URL 48183 (SecurityFocus) Related URL (ISS)