TITLE: Microsoft Windows OpenType Font Parsing Two Vulnerabilities

Criticality level: Highly critical
Impact: System access, Privilege escalation
Where: From remote

http://secunia.com/advisories/41778/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a user's system.

1) An error in the parsing of OTF (OpenType Font) files can be exploited by loading a properly formatted font and then reloading it with specially crafted offset and length fields for the head table of the font.

2) An error when allocating memory during parsing of OTF files can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code with kernel privileges.

For third-party web browsers natively rendering OpenType Fonts (OTF), this may be exploited remotely when a user visits a web page embedding a specially crafted font.

SOLUTION:
Apply patches.

ORIGINAL ADVISORY:
MS10-078 (KB2279986):
http://www.microsoft.com/technet/security/bulletin/ms10-078.mspx

Core Security Technologies:
http://www.coresecurity.com/content/ms-opentype-cff-parsing-vulnerability
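A defensive bounds check on the OpenType table directory, as an added example (not code from Secunia, Microsoft or Core Security): it rejects a font whose table records, including the head record named in item 1 of the description, carry an offset or length that falls outside the file. The function names, return codes and the 82-byte sample font are constructed for illustration; the layout constants follow the OpenType specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* 0 if all table records fit the buffer and 'head' is sane, else a negative code. */
int otf_check_directory(const uint8_t *buf, size_t size) {
    if (size < 12) return -1;                           /* no room for the sfnt header */
    uint32_t ver = be32(buf);
    if (ver != 0x4F54544Fu && ver != 0x00010000u) return -2;  /* 'OTTO' or TrueType */
    size_t ntab = ((size_t)buf[4] << 8) | buf[5];       /* numTables, big-endian */
    size_t dir_end = 12 + ntab * 16;                    /* at most 12 + 65535 * 16 */
    if (ntab == 0 || dir_end > size) return -3;
    int head_seen = 0;
    for (size_t i = 0; i < ntab; i++) {
        const uint8_t *rec = buf + 12 + i * 16;         /* tag, checksum, offset, length */
        uint32_t off = be32(rec + 8), len = be32(rec + 12);
        /* Never compute off + len: the sum can wrap around in 32 bits. */
        if (off < dir_end || off > size || len > size - off) return -4;
        if (memcmp(rec, "head", 4) == 0) {
            if (len != 54) return -5;                   /* 'head' has a fixed 54-byte size */
            if (be32(buf + off + 12) != 0x5F0F3CF5u) return -6;  /* head magicNumber */
            head_seen = 1;
        }
    }
    return head_seen ? 0 : -7;                          /* 'head' is a required table */
}

/* Constructed sample (not a real font): sfnt header, one 'head' record, table at byte 28. */
void sample_font(uint8_t f[82], uint32_t off, uint32_t len) {
    memset(f, 0, 82);
    memcpy(f, "OTTO", 4);
    f[5] = 1;                                           /* numTables = 1 */
    memcpy(f + 12, "head", 4);
    for (int i = 0; i < 4; i++) {
        f[20 + i] = (uint8_t)(off >> (24 - 8 * i));     /* record offset field */
        f[24 + i] = (uint8_t)(len >> (24 - 8 * i));     /* record length field */
    }
    memcpy(f + 40, "\x5F\x0F\x3C\xF5", 4);              /* magicNumber at 28 + 12 */
}

int main(void) {
    uint8_t f[82];
    sample_font(f, 28, 54);
    printf("well-formed head record: %d\n", otf_check_directory(f, sizeof f));
    sample_font(f, 28, 0xFFFFFFFFu);
    printf("oversized head length:   %d\n", otf_check_directory(f, sizeof f));
    return 0;
}
```

Because item 1 describes a reload with changed fields, a check like this belongs on every load and on the same bytes that are subsequently parsed.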