Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-43778
HistoryOct 12, 2010 - 12:00 a.m.

Microsoft Windows OpenType Font (OTF) Format Driver CVE-2010-2740 Privilege Escalation Vulnerability

2010-10-1200:00:00
Symantec Security Response
www.symantec.com
14

0.413 Medium

EPSS

Percentile

96.9%

JSON

Description

Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Technologies Affected

  • Avaya CallPilot
  • Avaya Communication Server 1000 Telephony Manager
  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server
  • Microsoft Windows Server 2003 Datacenter x64 Edition SP2
  • Microsoft Windows Server 2003 Enterprise x64 Edition SP2
  • Microsoft Windows Server 2003 Itanium SP2
  • Microsoft Windows Server 2003 SP2
  • Microsoft Windows Server 2003 Sp2 Compute Cluster
  • Microsoft Windows Server 2003 Sp2 Datacenter
  • Microsoft Windows Server 2003 Sp2 Enterprise
  • Microsoft Windows Server 2003 Sp2 Storage
  • Microsoft Windows Server 2003 Standard Edition SP2
  • Microsoft Windows Server 2003 Web Edition SP2
  • Microsoft Windows Server 2003 x64 SP2
  • Microsoft Windows XP Embedded SP3
  • Microsoft Windows XP Home SP3
  • Microsoft Windows XP Media Center Edition SP3
  • Microsoft Windows XP Professional SP3
  • Microsoft Windows XP Professional x64 Edition SP2
  • Microsoft Windows XP Tablet PC Edition SP3

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Allow only trusted and accountable individuals to have local interactive access to vulnerable computers.

Implement multiple redundant layers of security.
As an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.

The vendor released an advisory and updates. Please see the references for details.

Related

checkpoint_advisories 1
cve 1
prion 1
securityvulns 2
openvas 2
nessus 1
seebug 1
checkpoint_advisories
checkpoint_advisories
Microsoft OpenType Font Parsing Elevation of Privilege (MS10-078; CVE-2010-2740)
2010-10-12 00:00:00
cve
cve
CVE-2010-2740
2010-10-13 19:00:00
prion
prion
Design/Logic Flaw
2010-10-13 19:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS10-078 - Important Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
2010-10-13 00:00:00
Microsoft Windows multiple security vulnerabilities
2010-10-13 00:00:00
openvas
openvas
OpenType Font (OTF) Format Driver Privilege Elevation Vulnerabilities (2279986)
2010-10-13 00:00:00
OpenType Font (OTF) Format Driver Privilege Elevation Vulnerabilities (2279986)
2010-10-13 00:00:00
nessus
nessus
MS10-078: Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
2010-10-13 00:00:00
seebug
seebug
Microsoft Windows OTF格式驱动多个本地权限提升漏洞(MS10-078)
2010-10-15 00:00:00

0.413 Medium

EPSS

Percentile

96.9%

JSON
Related for SMNTC-43778
checkpoint_advisories1cve1prion1securityvulns2openvas2nessus1seebug1