Vulnerability Note VU#915930
Microsoft embedded web font buffer overflow
A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded web fonts. The overflow exists due to a lack of validation on compressed embedded web fonts. A remote attacker may be able to trigger the buffer overflow by persuading a user to access a web page or HTML email containing a specially crafted embedded web font.
For more information about affected versions of Microsoft Windows, please refer to MS06-002.
A remote attacker may be able to execute arbitrary code with the privileges of the attacked user account.
Apply an update
In addition Microsoft suggests the following workarounds to mitigate this vulnerability:
Please see Microsoft Security Bulletin MS06-002 for details on these workarounds.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||10 Jan 2006|
CVSS Metrics (Learn More)
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-0010
- Date Public: 10 Jan 2006
- Date First Published: 10 Jan 2006
- Date Last Updated: 10 Jan 2006
- Severity Metric: 10.69
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.