SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Kernel
Vendors:   Microsoft
Windows OpenType Compact Font Format Memory Corruption Error Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1024074
SecurityTracker URL:  http://securitytracker.com/id/1024074
CVE Reference:   CVE-2010-0819
Date:  Jun 8 2010
Impact:   Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2000 SP4, 2003 SP2, Vista SP2, 2008 SP2, 2008 R2, XP SP3, 7; and prior service packs
Description:   A vulnerability was reported in Windows OpenType Compact Font Format processing. A local user can obtain elevated privileges on the target system.

A local user can run a specially crafted program to execute arbitrary code on the target system with kernel level privileges.

Chris Carton of Laserforce International reported this vulnerability via Secunia.

Impact:   A local user can obtain kernel level privileges on the target system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=5D645891-31E9-42C4-B12B-EB351473FD0C

Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=B42A17C5-997E-4504-BA5B-BFA62166B460

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=DC835B94-3368-4C1C-8F29-40517C73540E

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=CA49B5B5-DB8E-4EBC-9A3C-B1ACE09AC3C0

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=B0794E7E-C925-4672-B7A5-4BB3F847F045

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=6E76EBEA-BDE1-4352-A283-DD71C2CC51A1

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=363B503A-2E1E-4284-A029-9695D2ACFCB6

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3F512B86-3A99-47F7-A90E-1AE9B291385C

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E78AD607-D209-48C4-B0F3-ED4C70993174

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=85F6FC5D-EFD1-4351-B4C0-B9B7080E6173

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=C6F1AAE5-E8FD-4121-89B2-B97C571E8223

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=969AF8D6-F6DA-4DD1-A7D7-2DE54A5A8978

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=B069E5B2-AA2D-452E-B687-8734B5BA0051

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=45242C7C-3752-44BF-A766-024AD7D28F53

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=0A271FB5-DA5B-4A17-9593-E56B9A843B8F

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-037.mspx
Cause:   Access control error, Input validation error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 08 Jun 2010 19:09:20 +0000
Subject:  http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx


Microsoft Security Bulletin MS10-037 - Important: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)

CVE-2010-0819
 
 


Copyright 2014, SecurityGlobal.net LLC