Windows TrueType Font Parsing Vulnerability in Microsoft Products
CVE-2010-1255

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000
Vendor: CVE Published:; 8 June 2010

What is CVE-2010-1255?

The Windows operating system contains a vulnerability in kernel-mode drivers within win32k.sys, allowing local users to execute arbitrary code by exploiting improperly handled glyph outline information and TrueType fonts. This can lead to severe security breaches, enabling unauthorized access and control over affected systems. It is essential for users of the impacted Windows versions to apply the necessary security updates provided by Microsoft to mitigate this risk.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.opera.com/support/kb/view/954/

x_refsource_CONFIRM

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

third-party-advisoryx_refsource_CERT

Timeline

Vulnerability published
Jun 8, 2010
Vulnerability Reserved
Apr 5, 2010