Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
Publish Date : 2010-06-08 Last Update Date : 2010-08-21
| Cvss Score |
7.2 |
| Confidentiality Impact |
Complete
(There is total information disclosure, resulting in all system files being revealed.) |
| Integrity Impact |
Complete
(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) |
| Availability Impact |
Complete
(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) |
| Access Complexity |
Low
(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) |
| Authentication |
Not required
(Authentication is not required to exploit the vulnerability.) |
| Gained Access |
Admin |
| Vulnerability Type(s) |
Execute CodeMemory corruption |
| CWE ID |
20 |
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.
