Ravens PHP Scripts

Microsoft Windows OpenType Font Driver Three Vulnerabilities
Date: Monday, December 20, 2010 @ 21:45:49 PST
Topic: Security


SECUNIA ADVISORY ID: SA42604

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42604/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-21

DESCRIPTION: Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.




1) An array indexation error within the OpenType Font (OTF) driver while parsing OpenType fonts can be exploited to corrupt memory.
2) A double-free error due to the OpenType Font (OTF) driver not properly resetting a pointer when freeing memory can be exploited to corrupt memory via a specially crafted OpenType font.
3) An unspecified error in the OpenType Font (OTF) driver when parsing the CMAP table of an OpenType font can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code in kernel mode.

SOLUTION: Apply the patches.

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 2) Marc Schoenefeld, Red Hat Security Response Team 3) Paul-Kenji Cahier Furuya

ORIGINAL ADVISORY: MS10-091 (KB2296199): http://www.microsoft.com/technet/security/bulletin/MS10-091.mspx






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3873