Microsoft Windows OpenType Font Processing Denial of Service Vulnerability
Secunia Advisory SA49514
Release Date 2012-06-14
Criticality level Not critical
Impact DoS
Where Local system
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Unpatched
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Remediation status Secunia VIM
Operating System
Microsoft Windows XP Professional
Secunia CVSS Score Available in Customer Area
CVE Reference(s) No CVE references.
Description
Dmitry Oleksiuk has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused by an error in atmfd.dll when processing Adobe OpenType font files and can be exploited to cause excessive CPU consumption and potentially crash the system.
The vulnerability is confirmed on a fully patched Windows XP SP3 (atmfd.dll version 5.1.2.232). Other versions may also be affected.
Solution
Restrict access to trusted users only.
Provided and/or discovered by
Dmitry Oleksiuk (Cr4sh)
Original Advisory
http://blog.cr4.sh/2012/06/0day-windows.html