Signature Detail

HTTP: Microsoft Windows OpenType Font (OTF) Denial of Service

This signature detects attempts to exploit a known vulnerability against Microsoft Windows OpenType Font (OTF). A denial-of-service condition can be created when a client downloads a specially crafted OpenType Font (.otf) file.

Extended Description

Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Avaya callpilot
• Avaya communication_server_1000_telephony_manager
• Avaya meeting_exchange-client_registration_server
• Avaya meeting_exchange-recording_server
• Avaya meeting_exchange-streaming_server
• Avaya meeting_exchange-web_conferencing_server
• Avaya meeting_exchange-webportal
• Avaya messaging_application_server
• Microsoft windows_server_2003 SP2
• Microsoft windows_server_2003 Sp2 Compute Cluster
• Microsoft windows_server_2003 Sp2 Datacenter
• Microsoft windows_server_2003 Sp2 Enterprise
• Microsoft windows_server_2003 Sp2 Storage
• Microsoft windows_server_2003_datacenter_x64_edition SP2
• Microsoft windows_server_2003_enterprise_x64_edition SP2
• Microsoft windows_server_2003_itanium SP2
• Microsoft windows_server_2003_standard_edition SP2
• Microsoft windows_server_2003_web_edition SP2
• Microsoft windows_server_2003_x64 SP2
• Microsoft windows_xp_embedded SP3
• Microsoft windows_xp_home SP3
• Microsoft windows_xp_media_center_edition SP3
• Microsoft windows_xp_professional SP3
• Microsoft windows_xp_professional_x64_edition SP2
• Microsoft windows_xp_tablet_pc_edition SP3

References

• BugTraq: 43779
• BugTraq: 54012
• CVE: CVE-2010-2741