| VID |
26599 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (MS11-084, 2617657) for 'Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service' has not been applied.
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message. The security update addresses the vulnerability by ensuring that the Windows kernel-mode drivers properly validate array indexes when loading TrueType font files.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.kb.cert.org/vuls/id/675073
http://technet.microsoft.com/en-us/security/bulletin/ms11-084
* Platforms Affected:
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 |
| Recommendation |
Apply the appropriate patch (2617657) for your system, as listed in Microsoft Security Bulletin MS11-084 at http://technet.microsoft.com/en-us/security/bulletin/ms11-084
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2011-2004 (CVE) |
| Related URL |
49973 (SecurityFocus) |
| Related URL |
(ISS) |
|
