[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability



====================================================================== 

 

                    Secunia Research 08/12/2015              



             Microsoft Windows usp10.dll "GetFontDesc()"

                  Integer Underflow Vulnerability



====================================================================== 

Table of Contents



Affected Software....................................................1

Severity.............................................................2

Description of Vulnerability.........................................3

Solution.............................................................4

Time Table...........................................................5

Credits..............................................................6

References...........................................................7

About Secunia........................................................8

Verification.........................................................9



====================================================================== 

1) Affected Software





* Microsoft Windows 7

* Microsoft Windows Server 2008



====================================================================== 

2) Severity 



Rating: Highly critical

Impact: System Access

Where:  From remote

 

====================================================================== 

3) Description of Vulnerability



Secunia Research has discovered a vulnerability in Microsoft Windows,

which can be exploited by malicious people to compromise a user's

system.



The vulnerability is caused due to an integer underflow error within

the "GetFontDesc()" function in usp10.dll when processing font files

cmap table and can be exploited to cause a heap-based buffer overflow

via a font file containing cmap table data with specially crafted

offset within encoding records.



Successful exploitation allows execution of arbitrary code.



====================================================================== 

4) Solution 



Apply update provided by MS15-130.



====================================================================== 

5) Time Table



09/10/2015 - Vendor notified.

12/10/2015 - Vendor response.

17/10/2015 - Status update provided by the vendor.

28/10/2015 - Vendor provides December 2015 as intended fix date.

08/12/2015 - Release of vendor patch and public disclosure.



====================================================================== 

6) Credits 



Discovered by Hossein Lotfi, Secunia Research (now part of

Flexera Software).



====================================================================== 

7) References





The Common Vulnerabilities and Exposures (CVE) project has assigned

the CVE-2015-6130 identifier for the vulnerability.

 

====================================================================== 

8) About Secunia (now part of Flexera Software)



In September 2015, Secunia has been acquired by Flexera Software:



https://secunia.com/blog/435/



Secunia offers vulnerability management solutions to corporate

customers with verified and reliable vulnerability intelligence

relevant to their specific system configuration:



http://secunia.com/products/



Secunia also provides a publicly accessible and comprehensive advisory

database as a service to the security community and private 

individuals, who are interested in or concerned about IT-security.



http://secunia.com/advisories/



Secunia believes that it is important to support the community and to

do active vulnerability research in order to aid improving the 

security and reliability of software in general:



http://secunia.com/secunia_research/



Secunia regularly hires new skilled team members. Check the URL below

to see currently vacant positions:



http://secunia.com/company/jobs/



====================================================================== 

9) Verification 



Please verify this advisory by visiting the Secunia website:

http://secunia.com/secunia_research/2015-6/



Complete list of vulnerability reports published by Secunia Research:

http://secunia.com/secunia_research/



======================================================================