Microsoft has published a Security Advisory ("Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege", CVE-2011-3402) regarding a vulnerability in Microsoft Windows operating systems that can allow an attacker to craft a malicious TrueType font that can result in the execution of arbitrary code in kernel mode.
Complete information from Microsoft is available at http://technet.microsoft.com/en-us/security/advisory/2639658.
Palo Alto Networks content update version 275 (released 11/8/11) provides signature-based detection of attempted exploitation of the vulnerability described in this Microsoft Security Advisory.
The following signatures have been added to detect exploitation of this vulnerability:
|critical||34517||Microsoft TrueType Font Rendering Memory Corruption Vulnerability||CVE-2011-3402||alert|
|critical||34518||Microsoft TrueType Font Rendering Memory Corruption Vulnerability||CVE-2011-3402||alert|
Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact support.
11/9/11 - Advisory posted