CVE-2010-2741

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2

Description The issue arises from an incorrect integer calculation during font processing in the OpenType Font (OTF) format driver, allowing local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists due to the improper parsing of specially crafted OpenType fonts by the Windows OpenType Font (OTF) format driver. This could enable an attacker to run arbitrary code in kernel mode, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Microsoft Windows XP versions SP2 through SP3, update to a version that includes the fix for the OpenType Font Validation issue. For Microsoft Windows Server 2003 version SP2, apply the necessary patch to resolve the elevation of privilege vulnerability in the OpenType Font format driver.