CVE-2011-3402

KEV EPSS 88.31% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2011-3402

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Windows 任意代码执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。 Microsoft Windows多个版本内核的Win32k TrueType字体解析引擎中存在未明漏洞。远程攻击者可借助Word文件中特制字体数据执行任意代码。这些版本包括：Microsoft Windows XP SP2和SP3版本，Windows Server 2003 SP2版本，Windows Vista SP2版本，Windows Server 2008 SP2，R2以及R2 SP1版本和Window

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2011-3402

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2011-3402

请登录查看更多情报信息。

http://isc.sans.edu/diary/Duqu+Mitigation/11950x_refsource_MISC
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdfx_refsource_MISC
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdfx_refsource_MISC
http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspxx_refsource_CONFIRM
http://technet.microsoft.com/security/advisory/2639658x_refsource_CONFIRM
http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-filesx_refsource_MISC
http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploitx_refsource_MISC
http://secunia.com/advisories/49122third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/49121third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1027039vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA12-129A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA11-347A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA12-164A.htmlthird-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2011-3402

Same Patch Batch · n/a · 2011-11-04 · 12 CVEs total

CVE-2011-1513		e107 ‘cmd’ 参数远程命令执行漏洞
CVE-2011-3164		HP-UX Containers 本地权限提升漏洞
CVE-2011-3171		Pure-FTPd本地文件覆盖漏洞
CVE-2011-3330		Schneider Electric 多个产品本地权限提升漏洞
CVE-2011-3364		GNOME NetworkManager本地权限提升漏洞
CVE-2011-3581		ldns 缓冲区溢出漏洞
CVE-2011-3594		libpurple SILC协议拒绝服务漏洞
CVE-2011-3616		Gentoo 本地权限提升漏洞
CVE-2011-3989		DBD::mysqlPP SQL注入漏洞
CVE-2011-3991		FFFTP不安全可执行文件加载任意代码执行漏洞
CVE-2011-4066		Gnuboard 'board.php' SQL注入漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2011-3402

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2011-3402

I. Basic Information for CVE-2011-3402

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2011-3402

III. Intelligence Information for CVE-2011-3402

Same Patch Batch · n/a · 2011-11-04 · 12 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2011-3402

Leave a comment