TITLE: Microsoft Windows OpenType Compact Font Format Driver Vulnerability Criticality level: Highly critical Impact: System access, DoS Where: From remote SECUNIA ADVISORY ID: http://secunia.com/advisories/43836/ Operating Systems: Microsoft Windows 7 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2008 Microsoft Windows Storage Server 2003 Microsoft Windows Vista Microsoft Windows XP Home Edition Microsoft Windows XP Professional DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. The vulnerability is caused due to an error in the OpenType Compact Font Format Driver when parsing OpenType fonts. This can be exploited by tricking a user into navigating to a network share containing a specially crafted font file in Windows Explorer (only Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2) or visit a specially crafted web page using a third-party browser that natively renders OpenType fonts. Successful exploitation may allow execution of arbirtary code in kernel mode. SOLUTION: Apply patches. ORIGINAL ADVISORY: MS11-032 (KB2507618): http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-