Vulnerability Note VU#915930

Microsoft embedded web font buffer overflow

Original Release date: 10 Jan 2006 | Last revised: 10 Jan 2006

Overview

A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded web fonts. The overflow exists due to a lack of validation on compressed embedded web fonts. A remote attacker may be able to trigger the buffer overflow by persuading a user to access a web page or HTML email containing a specially crafted embedded web font.

For more information about affected versions of Microsoft Windows, please refer to MS06-002.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the attacked user account.

Solution

Apply an update
Microsoft Security Bulletin MS06-002 contains an update to correct this vulnerability.

In addition Microsoft suggests the following workarounds to mitigate this vulnerability:

  • Read and send email in plain text format
  • Configure Font Download to “Prompt or Disable” in the Internet and Local Intranet Zones.

Please see Microsoft Security Bulletin MS06-002 for details on these workarounds.

Systems Affected

VendorStatusDate NotifiedDate Updated
Microsoft CorporationVulnerable-10 Jan 2006

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported in Microsoft Security Bulletin MS06-002. Microsoft credits eEye Digital Security with providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0010
  • Date Public: 10 Jan 2006
  • Date First Published: 10 Jan 2006
  • Date Last Updated: 10 Jan 2006
  • Severity Metric: 10.69
  • Document Revision: 24

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Document Feedback

Was this document helpful?   Yes   |   Somewhat   |  No