Executive Summary
Summary | |
---|---|
Title | Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218) |
Information | |||
---|---|---|---|
Name | MS10-037 | First vendor Publication | 2010-06-08 |
Vendor | Microsoft | Last vendor Modification | 2010-06-08 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Revision Note: V1.0 (June 8, 2010): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-037.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7072 | |||
Oval ID: | oval:org.mitre.oval:def:7072 | ||
Title: | OpenType CFF Font Driver Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0819 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2010-06-09 | Name : Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vu... File : nvt/secpod_ms10-037.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65217 | Microsoft Windows OpenType Compact Font Format (CFF) Driver Privilege Escalation: Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a boundary error occurs in the Windows OpenType Compact Font Format (CFF) driver, allowing a local attacker to overwrite kernel memory when getting a glyph outline and gain elevated privileges. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-09 | Name : The remote Windows host contains a font driver that is affected by a privileg... File : smb_nt_ms10-037.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:34 |
|