Core Security Technologies Advisory - While investigating the OpenType Compact Font Format vulnerability disclosed in MS10-037, Diego Juarez discovered another kernel bug in the parsing of OTF files. Loading a malformed OpenType font can cause the entire system to crash. The vulnerability could be used locally by attackers with access to an unprivileged account to elevate privileges to those of a System Administrator.
0e3069b48078cc6ce57a0ba9ae979121fd8801e0819abc6cd8b9765d2daa3a61