Microsoft OpenType Compact Font Format (CFF) Driver Stack Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1025334 |
|
SecurityTracker URL: http://securitytracker.com/id/1025334
|
|
CVE Reference:
CVE-2011-0034
(Links to External Site)
|
Date: Apr 12 2011
|
Impact:
Execution of arbitrary code via network, Root access via local system, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
|
Description:
A vulnerability was reported in the Microsoft Windows OpenType CFF Driver. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted OpenType Compact Font Format (CFF) font hosted on a network share. When the target user navigates to the share via Windows Explorer and uses either the Details or Preview panes, a stack overflow will occur and arbitrary code will be executed on the target system. The code will run with kernel level privileges.
Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 systems are affected.
On Windows XP and Windows Server 2003 systems, a local user can exploit this to obtain elevated privileges.
Adam Twardoch of Fontlab Ltd. reported this vulnerability.
|
Impact:
A remote user can create a font file that, when loaded by the target user in a certain way, will execute arbitrary code on the target user's system.
A local user can gain kernel level privileges.
|
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=9080C5A1-E638-4047-A70A-9367F1ACCED7
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2374E09A-CB3E-4BC3-BB4B-53B611025121
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=5D71D3F5-FD6B-4F3B-8389-37C899748D4B
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3A498FF0-21D9-493A-B127-6BC20F1BAF95
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=C71F4398-2E3B-4B81-A650-8806E618DB7F
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=E7C4FC81-D1EF-4378-862B-E955D75FB2DE
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8D654A78-0E4F-452C-8874-FBF478813857
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9105377E-83C7-4010-8FD6-26E42E98C2CC
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=060E8B20-EDCA-4427-9D60-EB57261EB668
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2B8571CB-2DAE-4BFF-9F13-FEB89840044C
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=751C45EA-0943-4948-807F-8716C6FF9198
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=976C882A-BC07-4128-927F-82A2DF46CF45
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=6F2A52CC-4833-448D-BECC-2EAC1A447410
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=C6CA0B7C-8151-4D54-AA9B-5EC2B75D8AB6
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-032.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-032.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Apr 2011 18:38:52 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms11-032.mspx
|
Microsoft Security Bulletin MS11-032 - Critical: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
CVE-2011-0034
[solution_section]
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=9080C5A1-E638-4047-A70A-9367F1ACCED7
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2374E09A-CB3E-4BC3-BB4B-53B611025121
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=5D71D3F5-FD6B-4F3B-8389-37C899748D4B
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3A498FF0-21D9-493A-B127-6BC20F1BAF95
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=C71F4398-2E3B-4B81-A650-8806E618DB7F
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=E7C4FC81-D1EF-4378-862B-E955D75FB2DE
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8D654A78-0E4F-452C-8874-FBF478813857
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9105377E-83C7-4010-8FD6-26E42E98C2CC
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=060E8B20-EDCA-4427-9D60-EB57261EB668
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2B8571CB-2DAE-4BFF-9F13-FEB89840044C
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=751C45EA-0943-4948-807F-8716C6FF9198
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=976C882A-BC07-4128-927F-82A2DF46CF45
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=6F2A52CC-4833-448D-BECC-2EAC1A447410
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=C6CA0B7C-8151-4D54-AA9B-5EC2B75D8AB6
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-032.mspx
[/solution_section]
[bugno]2507618
[msno]MS11-032
[severity]Critical
|
|
