|CVSS SCORE||6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the rendering of fonts. A crafted OpenType font rendered by the kernel can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code as SYSTEM.
Microsoft has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Haikuo Xie and Zheng Huang of Baidu Security Lab