Unspecified vulnerability in the TrueType font parsing engine in
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote
attackers to execute arbitrary code via crafted font data in a Word
document or web page, as exploited in the wild in November 2011 by
Duqu, aka "TrueType Font Parsing Vulnerability."
|