CVE-2011-2002 — Improper Input Validation in Microsoft Windows Server 2008

CWE-20 — Improper Input Validation5 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.4%

top 36.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedOct 12

Latest updateMay 13

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-9jrm-2jjr-9qf4: win32k↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit)↗2011-08-03

▶

Exploit-DB

Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028) (Metasploit)↗2011-06-26

▶

Exploit-DB

Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting↗2002-04-20

▶