MS10-091 - Critical: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execu

Discussion in 'Security Alerts' started by News, Dec 14, 2010.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Severity Rating: Critical - Revision Note: V1.0 (December 14, 2010): Bulletin published.Summary: This security update resolves several privately reported vulnerabilities in the Windows Open Type Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Share This Page