Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Sign in to follow this  
Rss Bot

Secunia: Microsoft Windows "LoadUvsTable()" Heap-based Buffer Overflow Vulnerability (Update 2016-12-14)

Recommended Posts

By Hossein Lotfi, Senior Security Specialist Update December 14, 2016: During the analysis of the fix of Microsoft we confirmed a related error remains unpatched. Therefore an additional Secunia Advisory SA74000 [5] has been issued to account for that. On December 13, 2016, Microsoft released updates that fix two vulnerabilities reported by Secunia Research. Both can be exploited through a specially crafted font file. One vulnerability results in a Denial of Service (DoS) or a privilege escalation and the other allows a compromise of a vulnerable system even. The purpose of the write up is to provide details on the second vulnerability, which is a heap-based buffer overflow vulnerability resulting from an integer overflow error within the Microsoft Unicode Scripts Processor, that is part of the Microsoft Windows operating system. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2016-7274 and is outlined in the Microsoft Security...

View the full article

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×