Microsoft Windows OpenType Font Driver Three Vulnerabilities

Posted on Monday, December 20, 2010 @ 21:45:49 PST in Security
by Raven

SECUNIA ADVISORY ID: SA42604

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42604/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-21

DESCRIPTION: Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.


1) An array indexation error within the OpenType Font (OTF) driver while parsing OpenType fonts can be exploited to corrupt memory.
2) A double-free error due to the OpenType Font (OTF) driver not properly resetting a pointer when freeing memory can be exploited to corrupt memory via a specially crafted OpenType font.
3) An unspecified error in the OpenType Font (OTF) driver when parsing the CMAP table of an OpenType font can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code in kernel mode.

SOLUTION: Apply the patches.

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 2) Marc Schoenefeld, Red Hat Security Response Team 3) Paul-Kenji Cahier Furuya

ORIGINAL ADVISORY: MS10-091 (KB2296199): http://www.microsoft.com/technet/security/bulletin/MS10-091.mspx
 
 
click Related        click Share
 
 
Associated Topics

Microsoft


Windows
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 343,895,317
  • Today: 11,294
Server InfoServer Info
  • Dec 12, 2017
  • 04:30 am PST
 
 

Daily Inspiration