Microsoft Windows OpenType CFF驱动本地权限提升漏洞（MS10-037）

BUGTRAQ ID: 40572 CVE ID: CVE-2010-0819 Windows是微软发布的非常流行的操作系统。 Windows OpenType CFF驱动没有正确地验证用户态传送给内核态的某些数据，如果用户查看了特制CCF字体所渲染的内容，在获得字型轮廓时就会用任意数量的0字节覆盖内核内存，导致内核级权限提升。攻击者必须拥有有效的登录凭据且能够本地登录才可以利用这个漏洞，无法远程或匿名利用。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2 Microsoft...

MS10-037: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)

The remote Windows host contains a version of the OpenType Compact Font Format CFF Font Driver that fails to properly validate certain data passed from user mode to kernel mode. By viewing content rendered in a specially crafted CFF font, a local attacker may be able to exploit this vulnerability...

Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)

This host is missing an important security update according to Microsoft Bulletin MS10-037. OpenVAS Vulnerability Test $Id: secpodms10-037.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability 980218 Authors: Sooraj KS...