Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:EXP/CVE-2011-3402.B
Date discovered:05/12/2012
Type:Exploit
In the wild:No
Reported Infections:Medium
Distribution Potential:Low
Damage Potential:Low
Static file:No
File size:~ 4.201 Bytes
VDF version:7.11.52.188 - Wednesday, December 5, 2012
IVDF version:7.11.52.188 - Wednesday, December 5, 2012

 General Aliases:
   •  Symantec: Trojan.Gen.2
   •  Kaspersky: Exploit.Win32.CVE-2011-3402.b
   •  Sophos: Troj/DexFont-A


Platforms / OS:
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
    Can be used to execute malicious code
   • Makes use of software vulnerability
CVE-2011-3402

 Special detection CVE-2011-3402

Description:
The exploit EXP/CVE-2011-3402 is targeting the True-Type-Font parsing engine which is run in kernel-mode. This fact makes this exploit very dangerous as an attacker can gain system level privileges.

An exploit gives the attacker the ability to install programs/drivers, view, change, or delete data or he could create new accounts with full user rights.

In an e-mail scenario the exploit needs user interaction (for instance by opening a malicious word document) to get executed. The discovered exploit comes in the form of a Microsoft word document.

Other possibilities may include using embedded TTF fonts in other types of files such as PDF.

Description inserted by Martin Muench on Sunday, December 30, 2012
Description updated by Martin Muench on Sunday, December 30, 2012

Back . . . .