Need help? Ask the community or hire an expert.
Go to Avira Answers
La date de la découverte:05/12/2012
En circulation:Non
Infections signalées Moyen
Potentiel de distribution:Faible
Potentiel de destruction:Faible
Fichier statique:Non
Taille du fichier:~ 4.201 Octets
Version VDF:
Version IVDF:

 Général Les alias:
   •  Symantec: Trojan.Gen.2
   •  Kaspersky: Exploit.Win32.CVE-2011-3402.b
   •  Sophos: Troj/DexFont-A

Plateformes / Systèmes d'exploitation:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Effets secondaires:
   • Peut être utilisé pour exécuter un code malveillant
   • Il emploie les vulnérabilités de software
      •  CVE-2011-3402

 Détection spéciale CVE-2011-3402

The exploit EXP/CVE-2011-3402 is targeting the True-Type-Font parsing engine which is run in kernel-mode. This fact makes this exploit very dangerous as an attacker can gain system level privileges.

An exploit gives the attacker the ability to install programs/drivers, view, change, or delete data or he could create new accounts with full user rights.

In an e-mail scenario the exploit needs user interaction (for instance by opening a malicious word document) to get executed. The discovered exploit comes in the form of a Microsoft word document.

Other possibilities may include using embedded TTF fonts in other types of files such as PDF.

Description inserted by Martin Muench on Sunday, December 30, 2012
Description updated by Martin Muench on Sunday, December 30, 2012

Back . . . .