Summary
This host is missing a moderate security update according to Microsoft Bulletin MS11-084.
Impact
Successful exploitation could allow local attackers to gain elevated privileges or to run arbitrary code in kernel mode and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Impact Level: System
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the following link: http://technet.microsoft.com/en-us/security/bulletin/ms11-084
Insight
The flaw is due to an array-indexing error in 'Win32k.sys' when parsing TrueType font files, which can be exploited by attackers to cause a denial of service.
Affected
Microsoft Windows 7 Service Pack 1 and prior
References
Severity
Classification
CVE: CVE-2011-2004
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
- Microsoft Excel Remote Code Execution Vulnerabilities (968557)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
- Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)