Description Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
CVSS vector AV:N/AC:M/C:N/I:N/A:C Exploitability: 8.6 | Impact: 6.9 Confidentiality: None
Integrity: None
Affected Packages1 packages
🔴 Vulnerability Details1 GHSA GHSA-mfgm-v8rv-75rw: Array index error in win32k ↗ 2022-05-13 ▶
💥 Exploits & PoCs4 Exploit-DB Beckhoff TwinCAT 2.11.0.2004 - Denial of Service ↗ 2011-09-14 ▶ Exploit-DB Zinf Audio Player 2.2.1 - '.pls' Local Buffer Overflow (DEP Bypass) ↗ 2011-08-03 ▶ Exploit-DB Adobe Reader 5.1 - XFDF Buffer Overflow (SEH) ↗ 2011-07-04 ▶ Exploit-DB Microsoft Host Integration Server 2004-2010 - Remote Denial of Service ↗ 2011-04-11 ▶
📋 Vendor Advisories1 Red Hat libpng: regression of CVE-2004-0421 in 1.2.23+ ↗ 2011-06-07 ▶
💬 Community6 Bugzilla CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-6] ↗ 2011-06-29 ▶ Bugzilla CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all] ↗ 2011-06-29 ▶ Bugzilla CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-5] ↗ 2011-06-29 ▶ Bugzilla CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all] ↗ 2011-06-29 ▶ Bugzilla CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ ↗ 2011-06-27 ▶ Show 1 more