Vigil@nce - Windows: privilege elevation via CFF
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use an OpenType Compact Font Format font, in
order to obtain system privileges.
Severity: 2/4
Creation date: 09/06/2010
DESCRIPTION OF THE VULNERABILITY
An OpenType CFF (Compact Font Format) font uses outlines specified
using PostScript Type 1. The Window Windows OpenType CFF driver
implements the support for these fonts.
However, this driver does not correctly validate received data,
which corrupts the memory.
A local attacker can therefore use an OpenType Compact Font Format
font, in order to obtain system privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-CFF-9693