CVE-2011-3402: Microsoft Windows Remote Code Execution Vulnerability.
Microsoft Windows Remote Code Execution Vulnerability. Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.
- CISA KEV-listed (remediation due 2025-10-27)
- EPSS 88.3% (99.5% percentile)