Windows : Microsoft Bulletins : OpenType Font (OTF) Format Driver Privilege Elevation Vulnerabilities (2279986)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.902320

Category: Windows : Microsoft Bulletins

Title: OpenType Font (OTF) Format Driver Privilege Elevation Vulnerabilities (2279986)

Summary: Check for version of vulnurable file 'Atmfd.dll'

Description:
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-078.

Vulnerability Insight:
The flaws are due to an error in the OpenType Font (OTF) format
driver,
- It does not properly allocate memory when parsing a specially crafted font.
- It does not properly perform an integer calculation when processing specially
crafted OpenType fonts.

Impact:
Successful exploitation could allow attackers to execute arbitrary code
with kernel privileges.

Impact Level: System

Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx

References:
http://www.vupen.com/english/advisories/2010/2625
http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx

Cross-Ref: BugTraq ID: 43779
BugTraq ID: 43778
Common Vulnerability Exposure (CVE) ID: CVE-2010-2740
Microsoft Security Bulletin: MS10-078
http://www.microsoft.com/technet/security/Bulletin/MS10-078.mspx
Cert/CC Advisory: TA10-285A
http://www.us-cert.gov/cas/techalerts/TA10-285A.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7258
Common Vulnerability Exposure (CVE) ID: CVE-2010-2741
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6742

Copyright Copyright (C) 2010 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.902320
Category:	Windows : Microsoft Bulletins
Title:	OpenType Font (OTF) Format Driver Privilege Elevation Vulnerabilities (2279986)
Summary:	Check for version of vulnurable file 'Atmfd.dll'
Description:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS10-078. Vulnerability Insight: The flaws are due to an error in the OpenType Font (OTF) format driver, - It does not properly allocate memory when parsing a specially crafted font. - It does not properly perform an integer calculation when processing specially crafted OpenType fonts. Impact: Successful exploitation could allow attackers to execute arbitrary code with kernel privileges. Impact Level: System Affected Software/OS: Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2K3 Service Pack 2 and prior. Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx References: http://www.vupen.com/english/advisories/2010/2625 http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx
Cross-Ref:	BugTraq ID: 43779 BugTraq ID: 43778 Common Vulnerability Exposure (CVE) ID: CVE-2010-2740 Microsoft Security Bulletin: MS10-078 http://www.microsoft.com/technet/security/Bulletin/MS10-078.mspx Cert/CC Advisory: TA10-285A http://www.us-cert.gov/cas/techalerts/TA10-285A.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7258 Common Vulnerability Exposure (CVE) ID: CVE-2010-2741 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6742
Copyright	Copyright (C) 2010 SecPod