A memory corruption flaw exists in Microsoft Windows. The OpenType Font (OTF) driver fails to properly reset a pointer when freeing memory, causing a double-free error, resulting in memory corruption. With a specially crafted OpenType font, a context-dependent attacker can execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2010-3957 (see also: NVD)
• Microsoft Knowledge Base Article: 2296199
• Secunia Advisory ID: 42604
• Related OSVDB ID: 69820 69822
• Vendor Specific News/Changelog Entry: http://blogs.technet.com/b/msrc/archive/2010/12/09/december-2010-advance-notification-service-is-released.aspx
• News Article: http://www.computerworld.com/s/article/9200642/Microsoft_slates_another_monster_Patch_Tuesday?taxonomyId=17&pageNumber=1
  http://www.informationweek.com/blog/main/archives/2010/12/patch_tuesday_t.html
  http://www.pcmag.com/article2/0,2817,2374148,00.asp
• Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
• Microsoft Security Bulletin: MS10-091

• Marc Schoenefeld - Red Hat Security Response Team