| Vulnerability Name: | CVE-2010-2741 (CCN-62153) | ||||||||
| Assigned: | 2010-10-12 | ||||||||
| Published: | 2010-10-12 | ||||||||
| Updated: | 2019-02-26 | ||||||||
| Summary: | The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability." | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-2741 Source: CCN Type: SA41778 Microsoft Windows OpenType Font Parsing Two Vulnerabilities Source: CONFIRM Type: UNKNOWN http://support.avaya.com/css/P8/documents/100113218 Source: CCN Type: Microsoft Security Bulletin MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) Source: CCN Type: Microsoft Security Bulletin MS13-005 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) Source: CCN Type: Microsoft Security Bulletin MS13-016 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2778344) Source: CCN Type: Microsoft Security Bulletin MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) Source: CCN Type: Microsoft Security Bulletin MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221) Source: CCN Type: Microsoft Security Bulletin MS13-053 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) Source: CCN Type: Microsoft Security Bulletin MS13-076 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2880407) Source: CCN Type: Microsoft Security Bulletin MS13-081 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008) Source: CCN Type: Microsoft Security Bulletin MS10-078 Vulnerability in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986) Source: CCN Type: Microsoft Security Bulletin MS10-091 Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Remote Code Execution (2296199) Source: CCN Type: Microsoft Security Bulletin MS11-007 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) Source: CCN Type: Microsoft Security Bulletin MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618) Source: CCN Type: BID-43779 Microsoft Windows OpenType Font (OTF) Format Driver CVE-2010-2741 Privilege Escalation Vulnerability Source: CERT Type: US Government Resource TA10-285A Source: MS Type: UNKNOWN MS10-078 Source: XF Type: UNKNOWN win-otf-fonts-priv-escalation(62153) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6742 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||