CVE-2011-0034
Published 2011-04-13
Priority: P262 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 27.93% (97.9th percentile)
Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
CVSS provenance
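| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 7.8 | HIGH | — |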
GHSA
GHSA-789g-f8cr-fh2g: Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
ghsa_unreviewed·2022-05-03
CVE-2011-0034 [HIGH] CWE-119 GHSA-789g-f8cr-fh2g: Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Red Hat
sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediff
vendor_redhat·2011-01-14·CVSS 7.8
CVE-2011-0008 [HIGH] sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediff
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
Statement: Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6.
No detection rules found.
No public exploits indexed.
Zscaler
Zscaler found Multiple Security Vulnerabilities | 04-12-2011
blogs_zscaler·CVSS 9.3
[CRITICAL] Zscaler found Multiple Security Vulnerabilities | 04-12-2011
Bugzilla
CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
bugzilla·2011-10-19·CVSS 7.6
CVE-2011-3550 [HIGH] CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
Update 29 of Oracle/Sun Java fixes an unspecified vulnerability in the AWT component (CVE-2011-3550). Upstream has CVSSv2 scored this issue as: 5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P
Discussion:
External References:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Extras for RHEL 4
Via RHSA-2011:1384 https://rhn.redhat.com/errata/RHSA-2011-1384.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Extras for RHEL 4
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2012:0034 https://r
Bugzilla
CVE-2011-0008 sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediff
bugzilla·2011-01-11·CVSS 7.8
CVE-2011-0008 [HIGH] CVE-2011-0008 sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediff
Due to upstream changes in how sudo 1.7.3 handles group membership checks, the patch used to correct bug #235915 (sudo can't always correctly determine group memberships) was incorrectly rediffed, making sudo in Fedora once again vulnerable to CVE-2009-0034 (incorrect handling of groups in Runas_User).
Statement:
Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Discussion:
Created attachment 472949
corrected getgrouplist patch
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11860
2011-04-13
Published