Credit:
The information has been provided by Diego Juarez.
The original article can be found at: http://www.coresecurity.com/content/ms-opentype-cff-parsing-vulnerability
Vulnerable Systems:
* Windows XP
* Windows 2003
Immune Systems:
* Windows Vista
* Windows 2008
* Windows 7
The vulnerability occurs in the font cache. A well-formed font is loaded and therefore stored in the cache. Afterwards, the same font is reloaded, this time with invalid offset and length fields in the table record for its head table. The offset field of that record is located at file offset 0x64, and the length field at file offset 0x68.
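A validator for the head table record described above, written as an added example (not code from the advisory or from Core Security): it parses an sfnt table directory, locates the head record and reports a length that is not the 54 bytes the OpenType specification defines or an offset/length pair that points outside the file. The sample font is constructed, with six table records so that the head record's offset and length fields land at file offsets 0x64 and 0x68 as in the advisory.

```python
import struct

HEAD_LENGTH = 54  # size of a well-formed 'head' table (OpenType specification)


def parse_table_directory(data):
    """Return {tag: (offset, length, offset_field_pos)} from an sfnt directory."""
    if len(data) < 12:
        raise ValueError("file too short for an sfnt header")
    num_tables = struct.unpack_from(">IH", data, 0)[1]
    tables = {}
    for i in range(num_tables):
        rec = 12 + 16 * i                       # each table record is 16 bytes
        if rec + 16 > len(data):
            raise ValueError("table directory truncated")
        tag, _csum, offset, length = struct.unpack_from(">4sIII", data, rec)
        tables[tag.decode("latin-1")] = (offset, length, rec + 8)
    return tables


def check_head_record(data):
    """Return a list of problems with the 'head' record (empty when it is sane)."""
    tables = parse_table_directory(data)
    if "head" not in tables:
        return ["missing 'head' table"]
    offset, length, pos = tables["head"]
    problems = []
    if length != HEAD_LENGTH:
        problems.append(f"head length field at 0x{pos + 4:x} is {length}, expected {HEAD_LENGTH}")
    # Data must start after the directory and end within the file.
    if offset < 12 + 16 * len(tables) or offset + length > len(data):
        problems.append(f"head offset field at 0x{pos:x} (value 0x{offset:x}) points outside the file")
    return problems


def build_sample_font(head_offset, head_length):
    """Constructed sfnt with six records; 'head' is record 5, so its offset field
    sits at file offset 0x64 and its length field at 0x68 (hypothetical layout)."""
    tags = [b"OS/2", b"cmap", b"cvt ", b"fpgm", b"glyf", b"head"]
    body_start = 12 + 16 * len(tags)
    buf = bytearray(struct.pack(">IHHHH", 0x00010000, len(tags), 64, 2, 32))
    pos = body_start
    for tag in tags:
        if tag == b"head":
            buf += struct.pack(">4sIII", tag, 0, head_offset, head_length)
        else:
            buf += struct.pack(">4sIII", tag, 0, pos, 16)   # 16-byte dummy tables
            pos += 16
    buf += bytes(pos - body_start)   # dummy table bodies
    buf += bytes(HEAD_LENGTH)        # room for a well-formed head table at `pos`
    return bytes(buf)
```

For the sample layout the well-formed head table starts at 188; passing a huge offset or length instead reproduces the out-of-bounds record the checker flags.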
Patch Availability:
Microsoft has released security bulletin MS10-078 addressing this issue:
http://www.microsoft.com/technet/security/bulletin/ms10-078.mspx
CVE Information:
CVE-2010-2741
Disclosure Timeline:
2010-06-28: Initial notification sent to MSRC, including proof-of-concept code to reproduce it.
2010-06-29: MSRC acknowledges bug report.
2010-10-12: Advisory CORE-2010-0624 is published.