CVE-2010-3957 - Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Win

CVE-2010-3957

Summary

Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

CVSS

Base:	6.9 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS10-091
bulletin_url
date	2010-12-14T00:00:00
impact	Remote Code Execution
knowledgebase_id	2296199
knowledgebase_url
severity	Critical
title	Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution

oval via4

accepted

2012-03-26T04:01:22.947-04:00

class

vulnerability

contributors

name Josh Turpin
organization Symantec Corporation
name Dragos Prisaca
organization Symantec Corporation

definition_extensions

comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
comment Microsoft Windows XP x64 Edition SP2 is installed
oval oval:org.mitre.oval:def:4193
comment Microsoft Windows Server 2003 SP2 (x86) is installed
oval oval:org.mitre.oval:def:1935
comment Microsoft Windows Server 2003 SP2 (x64) is installed
oval oval:org.mitre.oval:def:2161
comment Microsoft Windows Server 2003 (ia64) SP2 is installed
oval oval:org.mitre.oval:def:1442
comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
oval oval:org.mitre.oval:def:4873
comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
oval oval:org.mitre.oval:def:5254
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
oval oval:org.mitre.oval:def:6124
comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:5594
comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
oval oval:org.mitre.oval:def:5653
comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:6216
comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:6150
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954

description

family

windows

oval:org.mitre.oval:def:12329

status

accepted

submitted

2010-06-08T13:00:00

title

OpenType Font Double Free Vulnerability

version

refmap via4

cert	TA10-348A
sectrack	1024873

Last major update

26-02-2019 - 14:04

Published

16-12-2010 - 19:33

Last modified

26-02-2019 - 14:04