Monday, October 18, 2010

MS OpenType: CFF Parsing Vulnerability

Users of MS OpenType please be advised of a CFF Parsing vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
CORE-2010-0624: [CORE-2010-0624] MS OpenType CFF Parsing Vulnerability
*Vulnerability Description*



While investigating the OpenType Compact Font Format vulnerability

disclosed in MS10-037, Diego Juarez discovered another kernel bug in the

parsing of OTF files. Loading a malformed OpenType font can cause the

entire system to crash. The vulnerability could be used locally by

attackers with access to an unprivileged account to elevate privileges

to those of a System Adminsitrator.
Read more at www.criticalwatch.com
 

No comments:

Post a Comment