{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Windows Server 2008 R2 SP1 (Itanium et 64bits).","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Vista SP1 et SP2 (32bits et 64bits) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 7 SP1 (32bits et 64bits) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2003 SP2 (32bits et 64bits) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows 7 (32bits et 64bits) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 R2 (Itanium et 64bits) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows XP SP3 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 (32bits et 64bits) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2003 SP2 (Itanium) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 SP2 (Itanium) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 (Itanium) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows XP Pro SP2 64bits ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Windows Server 2008 SP2 (32bits et 64bits) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le pilote Compact Font Format\n(CFF) OpenType. Elle permet \u00e0 un utilisateur malintentionn\u00e9 d'\u00e9lever ses\nprivil\u00e8ges (Windows XP et Server 2003) ou d'ex\u00e9cuter du code arbitraire\n\u00e0 distance (autres versions de Windows) au moyen d'une police CFF\nsp\u00e9cialement con\u00e7ue et en incitant sa visualisation par un utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2011-0034","url":"https://www.cve.org/CVERecord?id=CVE-2011-0034"}],"links":[],"reference":"CERTA-2011-AVI-215","revisions":[{"description":"version initiale.","revision_date":"2011-04-13T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le pilote Compact Font Format\n(CFF) OpenType. Elle permet \u00e0 un utilisateur malintentionn\u00e9 d'\u00e9lever ses\nprivil\u00e8ges ou d'ex\u00e9cuter du code arbitraire \u00e0 distance.\n","title":"Vuln\u00e9rabilit\u00e9 dans le pilote Compact Font Format (CFF) OpenType","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS11-032 du 12 avril 2011","url":"http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx"}]}