Microsoft Windows Remote Code Execution Vulnerability
Release Date: 06th of October 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations and individuals that utilize the above products. It is intended to be understood by technical users and systems administrators.
What is it?
CVE-2011-3402 is a remote code execution vulnerability in the TrueType font parsing engine (win32k.sys) that allows specially crafted font data in a web page or Office document to execute code in kernel mode.
What are the Systems affected?
Windows versions affected include:
- Windows XP (SP2/SP3),
- Windows Server 2003 (SP2),
- Windows Vista (SP2),
- Windows Server 2008 (SP2 / R2),
- Windows 7 (Gold / SP1) and
- corresponding server builds that were supported in 2011.
Systems that did not receive the MS11-087 update are vulnerable.
What does this mean?
The vulnerability, also known as the “TrueType Font Parsing Vulnerability,” allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page. It was exploited in the wild in November 2011 by Duqu.
Mitigation process
CERTVU recommends:
Apply Microsoft patching updates immediately. Install Microsoft security update MS11-087 (December 13, 2011), which addresses CVE-2011-3402.
References
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://www.cve.org/CVERecord?id=CVE-2011-3402
- https://learn.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087
- https://exploitshop.wordpress.com/2012/01/18/ms11-087-aka-duqu-vulnerability-in-windows-kernel-mode-drivers-could-allow-remote-code-execution/