CVE-2010-2740

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2

Description The issue arises from improper memory allocation during font parsing in the OpenType Font (OTF) format driver. This allows local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists due to the improper parsing of specially crafted OpenType fonts, which could enable an attacker to run arbitrary code in kernel mode. This could lead to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Windows XP versions SP2 through SP3, update to a version that properly allocates memory during font parsing to prevent privilege escalation. For Microsoft Windows Server 2003 version SP2, ensure that the OpenType Font format driver is updated to correctly parse OpenType fonts and prevent arbitrary code execution in kernel mode.