MS10-091: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)

NASLDB: MS10-091: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)

General

ID: 51163
Name: MS10-091: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)

Summary: Checks the version of Atmfd.dll

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 139
Family: Windows : Microsoft Bulletins
Type: Local

Description

The remote Windows host contains a version of the OpenType Font (OTF)
Format Driver that is affected by two vulnerabilities :

– The driver does not properly index an array when
parsing OpenType fonts, which could allow a remote
attacker to run arbitrary code in kernel mode.
(CVE-2010-3956)

– The driver does not properly reset a pointer when
freeing memory, resulting in a ‘double free’ condition,
which could allow a remote attacker to run arbitrary
code in kernel mode. (CVE-2010-3957)

– The driver does not properly parse the CMAP table when
rendering a specially crafted OpenType font, which
could allow a local attacker to run arbitrary code in
kernel mode. (CVE-2010-3959)

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2010-3956
OSVDB: –
Bugtraq: 45311
scipID: –

Timeline

Vulnerability Disclosure: 2010/12/14
Patch Release: 2010/12/14
Plugin Release: 2010/12/15

Plugin

Version: 1.14
Filename: smb_nt_ms10-091.nasl
Filesize: 4438 bytes
MD5 Hash: 19ea08742d798d7eed7c5014be8a1742

Identification: Host/patch_management_checks
Require Keys: SMB/MS_Bulletin_Checks/Possible
Dependencies: "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"