Microsoft Security Advisory 2639658, CVE-2011-3402

November 7th, 2011

The Sourcefire VRT is aware of a vulnerability affecting hosts using the Microsoft Windows operating system.

Details:

Microsoft Security Advisory (2639658):
The Microsoft Windows TrueType font parsing engine contains a vulnerability that may allow a remote attacker to execute code on an affected system. A succesful exploitation of this vulnerability may allow the attacker to execute code in kernel mode. This vulnerability is also related to the Duqu malware.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 20539.

For Assistance

Visit the Sourcefire Customer Support site at https://support.sourcefire.com.
Email Sourcefire Customer Support at support@sourcefire.com.
Call Sourcefire Customer Support at 410.423.1901 or 1.800.917.4134.