CVE-2010-3957

HIGH

Microsoft Windows 2003 Server - Double Free

Title source: rule

Description

Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."

References (4)

Scores

CVSS v3 7.3
EPSS 0.0370
EPSS Percentile 87.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-399 CWE-415
Status draft

Affected Products (18)

microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_7
microsoft/windows_7
microsoft/windows_server_2003
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_vista
microsoft/windows_vista
... and 3 more

Timeline

Published Dec 16, 2010
Tracked Since Feb 18, 2026