Microsoft Windows OpenType Font Multiple Vulnerabilities ( 13 October 2010 )
RISK: Medium Risk
1. OpenType Font Parsing Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
2. OpenType Font Validation Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Elevation of Privilege
System / Technologies affected
- Windows XP
- Windows Server 2003
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
Vulnerability Identifier
Source
Related Link
Share with