[PCWorks] Windows OpenType Font Parsing Two Vulnerabilities

  • From: "Clint-OrpheusComputing.com" <orpheuscomputing@xxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Thu, 14 Oct 2010 07:34:24 -0500

TITLE:
Microsoft Windows OpenType Font Parsing Two Vulnerabilities

Criticality level:  Highly critical
Impact:  System access, Privilege escalation
Where:  From remote

http://secunia.com/advisories/41778/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious, local users to gain escalated
privileges and potentially by malicious people to compromise a
user's system.

1) An error in the parsing of OTF (OpenType Font) files can be
exploited by loading a properly formatted font and then reloading
it with specially crafted offset and length fields for the head
table of the font.

2) An error when allocating memory during parsing of OTF files can
be exploited to corrupt memory.

Successful exploitation of the vulnerabilities may allow execution
of arbitrary code with kernel privileges. For third-party web
browsers natively rendering OpenType Fonts (OTF), this may be
exploited remotely when a user visits a web page embedding a
specially crafted font.

SOLUTION:
Apply patches.

ORIGINAL ADVISORY:
MS10-078 (KB2279986):
http://www.microsoft.com/technet/security/bulletin/ms10-078.mspx

Core Security Technologies:
http://www.coresecurity.com/content/ms-opentype-cff-parsing-vulnerability
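
ADDED EXAMPLE (not part of the advisory, and not Microsoft's fix):
Item 1 turns on the offset and length fields that the font's table
directory gives for the head table. The sketch below shows the general
bounds check a font parser or a file-triage script can apply to every
table record before touching the table data. The function names and
the one-table sample built by build_font() are constructed for
illustration.

```python
import struct

HEAD_LEN = 54            # size of the 'head' table in the OpenType spec
HEAD_MAGIC = 0x5F0F3CF5  # magicNumber field at byte 12 of 'head'
DIR_START, REC_LEN = 12, 16  # sfnt header size, table record size

def check_table_directory(data):
    """Return a list of problems found in an sfnt table directory."""
    if len(data) < DIR_START:
        return ["file shorter than the 12-byte sfnt header"]
    version, num_tables = struct.unpack_from(">4sH", data, 0)
    problems = []
    if version not in (b"OTTO", b"\x00\x01\x00\x00"):
        problems.append("unexpected sfnt version %r" % version)
    dir_end = DIR_START + REC_LEN * num_tables
    if dir_end > len(data):
        return problems + ["table directory runs past end of file"]
    seen_head = False
    for i in range(num_tables):
        tag, _csum, offset, length = struct.unpack_from(
            ">4sIII", data, DIR_START + REC_LEN * i)
        name = tag.decode("latin-1")
        seen_head = seen_head or tag == b"head"
        # Python ints do not wrap. A C parser should first check
        # offset <= size, then length <= size - offset, to avoid overflow.
        if offset < dir_end or offset + length > len(data):
            problems.append("%s: offset %d, length %d outside file data (size %d)"
                            % (name, offset, length, len(data)))
        elif tag == b"head" and length < HEAD_LEN:
            problems.append("head: length %d shorter than %d" % (length, HEAD_LEN))
        elif tag == b"head" and struct.unpack_from(">I", data, offset + 12)[0] != HEAD_MAGIC:
            problems.append("head: bad magicNumber")
    if not seen_head:
        problems.append("no 'head' table")
    return problems

def build_font(head_offset, head_length):
    """Constructed one-table sample, not a usable font."""
    head = bytearray(HEAD_LEN)
    struct.pack_into(">I", head, 12, HEAD_MAGIC)
    header = struct.pack(">4sHHHH", b"OTTO", 1, 16, 0, 0)
    record = struct.pack(">4sIII", b"head", 0, head_offset, head_length)
    return header + record + bytes(head)

if __name__ == "__main__":
    for off, ln in [(28, 54), (28, 0xFFFFFFF0), (0x7FFFFFFF, 54), (28, 10)]:
        print(off, ln, check_table_directory(build_font(off, ln)))
```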

