Microsoft Windows OpenType Font Driver Three Vulnerabilities

Posted on Monday, December 20, 2010 @ 21:45:49 CET in Security
by Raven



CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-21

DESCRIPTION: Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

1) An array indexation error within the OpenType Font (OTF) driver while parsing OpenType fonts can be exploited to corrupt memory.
2) A double-free error due to the OpenType Font (OTF) driver not properly resetting a pointer when freeing memory can be exploited to corrupt memory via a specially crafted OpenType font.
3) An unspecified error in the OpenType Font (OTF) driver when parsing the CMAP table of an OpenType font can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code in kernel mode.

SOLUTION: Apply the patches.

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 2) Marc Schoenefeld, Red Hat Security Response Team 3) Paul-Kenji Cahier Furuya

ORIGINAL ADVISORY: MS10-091 (KB2296199):
click Related        click Share
Associated Topics


News ©

Site Info v2.2.2

Last SeenLast Seen
  • elnegro
  • Doulos
Server TrafficServer Traffic
  • Total: 377,160,425
  • Today: 40,551
Server InfoServer Info
  • Feb 21, 2019
  • 10:51 pm CET