Buffer overflow in Microsoft Windows_2003_server

CVE-2011-0034

Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 G…

Vulnerability class: Buffer Overflow

EPSS: 0.567 (98.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows_2003_server
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

MS11-032 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:11860 (x_refsource_OVAL, signature, vdb-entry)
TA11-102A (US Government Resource, x_refsource_CERT, third-party-advisory)