Computer Security


Microsoft Windows multiple security vulnerabilities
Published: 13.10.2010
Source:
SecurityVulns ID: 11191
Type: remote
Threat Level: 9/10
Description: Multiple privilege escalations in different drivers. MFC buffer overflow. EOT and OTF font memory corruptions and integer overflow. comctl32 buffer overflow. LPC buffer overflow. SChannel DoS.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2010-3229 (The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability.")
 CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability.")
 CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability.")
 CVE-2010-2746 (Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability.")
 CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Vulnerability.")
 CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.)
 CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability.")
 CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability.")
 CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability.")
 CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability.")
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0624] MS OpenType CFF Parsing Vulnerability (13.10.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-085 - Important Vulnerability in SChannel Could Allow Denial of Service (2207566) (13.10.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-084 - Important Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937) (13.10.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-081 - Important Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011) (13.10.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-078 - Important Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986) (13.10.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-076 - Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132) (13.10.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-074 - Moderate Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149) (13.10.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-073 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) (13.10.2010)
Files: Microsoft Security Bulletin MS10-076 - Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
 Microsoft Security Bulletin MS10-078 - Important Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
 Microsoft Security Bulletin MS10-085 - Important Vulnerability in SChannel Could Allow Denial of Service (2207566)
 Microsoft Security Bulletin MS10-084 - Important Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
 Microsoft Security Bulletin MS10-073 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
 Microsoft Security Bulletin MS10-081 - Important Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
 Microsoft Security Bulletin MS10-074 - Moderate Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod