Description
Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58884
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-037
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7072
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40572
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
Scores
EPSS
0.0208
EPSS Percentile
79.3%
Details
CWE
CWE-20
Status
published
Products (7)
microsoft/windows_2000
microsoft/windows_2003_server
(3 CPE variants)
microsoft/windows_7
microsoft/windows_server_2008
(6 CPE variants)
microsoft/windows_server_2008
r2 (2 CPE variants)
microsoft/windows_vista
(4 CPE variants)
microsoft/windows_xp
(3 CPE variants)
Published
Jun 08, 2010
Tracked Since
Feb 18, 2026