{"guid":"import-780e90a537db52bc88","title":"CVE-2011-3402 Technical Analysis","subtitle":null,"slug":"29c3-5417-en-cve_2011_3402_analysis_h264","link":"http://events.ccc.de/congress/2012/Fahrplan/events/5417.en.html","description":"CVE-2011-3402 is well known as the Windows Kernel TrueType [Font]\n0-day used in the \"Duqu\" attack(s). Recently this exploit has begun to\nappear in several crimeware exploit kits... Actually, not merely just the\nexploit, but the *entire* font file used by Duqu, now being harnessed to\ninfect a large population with malware.  This talk will mostly be an\nextremely low-level walk-through of the font program within this TrueType\nfont, which is used to manipulate the Windows Kernel into executing the\nnative x86 shellcode.\n","original_language":"eng","persons":["Julia Wolf"],"view_count":997,"promoted":false,"date":"2012-12-29T01:00:00.000+01:00","release_date":"2013-01-06T01:00:00.000+01:00","updated_at":"2026-03-14T18:45:04.352+01:00","tags":["29c3"],"length":3537,"duration":3537,"thumb_url":"https://static.media.ccc.de/media/congress/2012/29c3-5417-en-cve_2011_3402_analysis_h264.jpg","poster_url":"https://static.media.ccc.de/media/congress/2012/29c3-5417-en-cve_2011_3402_analysis_h264_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2012/import-780e90a537db52bc88-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2012/import-780e90a537db52bc88-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/29c3-5417-en-cve_2011_3402_analysis_h264","url":"https://api.media.ccc.de/public/events/import-780e90a537db52bc88","conference_title":"29C3: Not my department","conference_url":"https://api.media.ccc.de/public/conferences/29c3","related":[{"event_id":18,"event_guid":"import-3a3291458168550dc9","weight":1},{"event_id":22,"event_guid":"import-d9fdeee55d49ce271e","weight":2},{"event_id":26,"event_guid":"import-7546b8f6ee2d14b2e6","weight":1},{"event_id":30,"event_guid":"import-26f964c4d0bd0d0add","weight":1},{"event_id":31,"event_guid":"import-a05a76991aa031db49","weight":1},{"event_id":32,"event_guid":"import-714b015334b6bc6ff0","weight":1},{"event_id":709,"event_guid":"import-86dcc5d427d763434f","weight":1},{"event_id":714,"event_guid":"import-72f36f6e2f89c8ba36","weight":1},{"event_id":747,"event_guid":"import-ea3c62f4ae68df82e6","weight":1},{"event_id":815,"event_guid":"import-e3bf427a6d2ffaa0a2","weight":1},{"event_id":893,"event_guid":"import-e848aa3a18f08fcdfa","weight":1},{"event_id":1383,"event_guid":"import-c5cfcdb5af5a7ff87e","weight":2},{"event_id":1396,"event_guid":"import-75b2d58a4dc12e1a88","weight":1},{"event_id":1401,"event_guid":"import-ca7f98bebd89e24485","weight":1},{"event_id":1433,"event_guid":"import-0d85220ad4a9ae8992","weight":1},{"event_id":1492,"event_guid":"import-8f965f2d6d5db71f04","weight":1},{"event_id":1495,"event_guid":"import-c2e1b194e485612aaa","weight":1},{"event_id":1505,"event_guid":"import-aab17311f8754984a4","weight":1},{"event_id":1514,"event_guid":"import-277d479110cdedadc5","weight":1},{"event_id":1526,"event_guid":"import-8f741823f0d689a05e","weight":8},{"event_id":1543,"event_guid":"import-a17dc159cb6895d8cd","weight":1},{"event_id":1548,"event_guid":"import-c55c543fed3dbc291f","weight":1},{"event_id":1550,"event_guid":"import-0a4b167b1f0882d707","weight":1},{"event_id":1556,"event_guid":"import-ae0af31316a495be6a","weight":1},{"event_id":1559,"event_guid":"import-ec49201b9a28338359","weight":1},{"event_id":1567,"event_guid":"import-6e1975ef73fbf52e06","weight":1},{"event_id":1573,"event_guid":"import-a9c9273e3172d5e77c","weight":1},{"event_id":1591,"event_guid":"import-a110a31f1ffd593368","weight":1},{"event_id":1606,"event_guid":"import-dc19512cf9bb9158fd","weight":1},{"event_id":1621,"event_guid":"import-6b9d989911d88e19ca","weight":1},{"event_id":1630,"event_guid":"import-196baee714b3785cfb","weight":1},{"event_id":1636,"event_guid":"import-abe84190a8a3851cdb","weight":1},{"event_id":1638,"event_guid":"import-edaa0ada3bc5a12d59","weight":1},{"event_id":1639,"event_guid":"import-c1ae7fae8ec6c162b5","weight":5},{"event_id":1641,"event_guid":"import-c56bb30a25766c2a18","weight":1},{"event_id":1648,"event_guid":"import-cc4c7fb71df2c4b328","weight":2},{"event_id":1655,"event_guid":"import-4fd5a1fd16f55e0a18","weight":1},{"event_id":1666,"event_guid":"import-9ea9ae180acd0e8e38","weight":1},{"event_id":1667,"event_guid":"import-a5a5dd91ef7a9120d5","weight":1},{"event_id":1675,"event_guid":"import-30e78222488f0be76e","weight":1},{"event_id":1678,"event_guid":"import-499496e1f8d0dc96ab","weight":2},{"event_id":1698,"event_guid":"import-8ea249dc923ddef614","weight":2},{"event_id":1704,"event_guid":"import-a9812440f38232930c","weight":1},{"event_id":1709,"event_guid":"import-8f293c99e8d1851518","weight":1},{"event_id":1711,"event_guid":"import-8381ce96744da065b9","weight":1},{"event_id":1712,"event_guid":"import-79b1beb3f18e5edc5a","weight":1},{"event_id":1728,"event_guid":"3poSeUcpc6woNaI5dhATcQ","weight":2},{"event_id":1776,"event_guid":"bucvwuHzaSgt7x_L06ZcFA","weight":1},{"event_id":1810,"event_guid":"d3O96YnMHkiPLhp50TPJAA","weight":1},{"event_id":1832,"event_guid":"toykIIIHEXC1x8F7xoiYRw","weight":1},{"event_id":1854,"event_guid":"D27zQV1jKk88oKyXxGBGPQ","weight":1},{"event_id":1878,"event_guid":"import-159c383d86bea5f232","weight":1},{"event_id":1952,"event_guid":"e7ca6d029c833227","weight":1},{"event_id":2359,"event_guid":"344fc141-8d3a-4de6-8bd3-ca7b47410bc5","weight":1},{"event_id":2395,"event_guid":"62b038eb-2975-4065-95ee-09a068dbfb81","weight":1},{"event_id":2446,"event_guid":"725d37fb-0e6c-4ac0-9106-4cefa8e898ea","weight":1},{"event_id":2705,"event_guid":"55fccc39-c1bb-4d05-aa95-7188ad229f56","weight":1},{"event_id":2735,"event_guid":"5c0323b6-c538-4fb6-8d70-d08def6bf865","weight":1},{"event_id":2823,"event_guid":"c6f44cff-122c-44f3-bcf9-683577a67e85","weight":1},{"event_id":2886,"event_guid":"088e3078-bab2-433d-8be2-f1a4b37b4d5c","weight":2},{"event_id":2941,"event_guid":"56126bd1-f1b3-4bc7-81be-304b6b681cde","weight":1},{"event_id":3306,"event_guid":"9fc873bf-e53b-5d69-906d-643be6cf29e6","weight":1},{"event_id":3695,"event_guid":"c300b194-2a85-4705-92aa-b4e789882303","weight":1}],"recordings":[{"size":252,"length":3537,"mime_type":"video/mp4","language":"eng","filename":"29c3-5417-en-cve_2011_3402_analysis_h264.mp4","state":"downloaded","folder":"mp4-h264-HQ","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:53.546+01:00","recording_url":"https://cdn.media.ccc.de/congress/2012/mp4-h264-HQ/29c3-5417-en-cve_2011_3402_analysis_h264.mp4","url":"https://api.media.ccc.de/public/recordings/3319","event_url":"https://api.media.ccc.de/public/events/import-780e90a537db52bc88","conference_url":"https://api.media.ccc.de/public/conferences/29c3"},{"size":252,"length":3537,"mime_type":"video/webm","language":"eng","filename":"29c3-5417-en-cve_2011_3402_analysis_webm.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:53.573+01:00","recording_url":"https://cdn.media.ccc.de/congress/2012/webm/29c3-5417-en-cve_2011_3402_analysis_webm.webm","url":"https://api.media.ccc.de/public/recordings/3318","event_url":"https://api.media.ccc.de/public/events/import-780e90a537db52bc88","conference_url":"https://api.media.ccc.de/public/conferences/29c3"},{"size":252,"length":3537,"mime_type":"audio/mpeg","language":"eng","filename":"29c3-5417-en-cve_2011_3402_analysis_mp3.mp3","state":"downloaded","folder":"mp3-audio-only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-10T15:26:59.406+02:00","recording_url":"https://cdn.media.ccc.de/congress/2012/mp3-audio-only/29c3-5417-en-cve_2011_3402_analysis_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/3320","event_url":"https://api.media.ccc.de/public/events/import-780e90a537db52bc88","conference_url":"https://api.media.ccc.de/public/conferences/29c3"}]}