Signature Detail

HTTP: Microsoft Windows OpenType Font (OTF) Denial of Service

This signature detects attempts to exploit a known vulnerability against Microsoft Windows OpenType Font (OTF). A denial-of-service condition can be created when a client downloads a specially crafted OpenType Font (.otf) file.

Extended Description

Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Avaya CallPilot
• Avaya Communication Server 1000 Telephony Manager
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Sp2 Compute Cluster
• Microsoft Windows Server 2003 Sp2 Datacenter
• Microsoft Windows Server 2003 Sp2 Enterprise
• Microsoft Windows Server 2003 Sp2 Storage
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 Standard Edition SP2
• Microsoft Windows Server 2003 Web Edition SP2
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows XP Embedded SP3
• Microsoft Windows XP Home SP3
• Microsoft Windows XP Media Center Edition SP3
• Microsoft Windows XP Professional SP3
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Tablet PC Edition SP3

References

• BugTraq: 54012
• BugTraq: 43779
• CVE: CVE-2010-2741