Windows Embedded OpenType Font Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1024544 |
|
SecurityTracker URL: http://securitytracker.com/id/1024544
|
|
CVE Reference:
CVE-2010-1883
(Links to External Site)
|
Date: Oct 12 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7, 2008 R2; and prior service packs
|
Description:
A vulnerability was reported in Windows Embedded OpenType Font Engine. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create content with a specially crafted embedded OpenType font (EOF) that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Sebastian Apelt via Tipping Point's Zero Day Initiative and Ivan Fratric via the iSIGHT Partners Global Vulnerability Partnership reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=C3799399-CA72-4DEC-A2A2-3571AD0B2F63
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=860FF738-205D-430E-B223-B333813FC590
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7B240B65-F3CA-465C-A606-B561999C1977
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=70C9E826-B80B-4A20-82D2-8E52E5CCA839
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=BD5878BB-F565-4303-AFED-4E17B44A02F2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=29C4AFB1-227D-4572-B136-A78EF7E1DF77
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=880AD9A0-6DDD-41F4-A608-171D59A31B6A
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=50386655-982E-4126-8261-2C972D695BBD
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=A6B2AE1D-9225-4495-8560-97860F87D7B4
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=A4E38A77-3835-47B3-BD86-6C039169ABF5
Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=F6CAE091-E9F1-48E9-A035-4346B9C6FEC6
Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=35882477-4E0A-4783-A4B4-0F1EA3398360
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=B060C516-233A-4E1E-9237-698420E97B2F
Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=0EAD2ED9-8B2F-496E-B7D1-3AD2B04BE5CC
A restart may be required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-076.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-076.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Oct 2010 17:20:33 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-076.mspx
|
Microsoft Security Bulletin MS10-076 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
CVE-2010-1883
|
|
