Vulnerability Note VU#915930

Microsoft embedded web font buffer overflow

Original Release date: 10 Jan 2006 | Last revised: 10 Jan 2006

Overview

A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded web fonts. The overflow exists due to a lack of validation on compressed embedded web fonts. A remote attacker may be able to trigger the buffer overflow by persuading a user to access a web page or HTML email containing a specially crafted embedded web font.

For more information about affected versions of Microsoft Windows, please refer to MS06-002.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the attacked user account.

Solution

Apply an update
Microsoft Security Bulletin MS06-002 contains an update to correct this vulnerability.

In addition, Microsoft suggests the following workarounds to mitigate this vulnerability:

  • Read and send email in plain text format
  • Configure Font Download to “Prompt or Disable” in the Internet and Local Intranet Zones.

Please see Microsoft Security Bulletin MS06-002 for details on these workarounds.
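The second workaround is an Internet Explorer zone setting, so it can be audited and applied without going through the UI. The script below is an added example written for this note; it is not code from CERT or Microsoft. It assumes the usual IE zone-settings registry layout (per-user zones under HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<n>, the "Font download" action stored as the DWORD value named 1604 with 0 = Enable, 1 = Prompt, 3 = Disable; zone 1 is Local Intranet and zone 3 is Internet). The function names and parameters are the example's own.

```powershell
# Added example (not from the CERT note or Microsoft): audit and optionally apply
# the MS06-002 "Font Download" workaround for the Internet (zone 3) and Local
# Intranet (zone 1) zones of the Internet Explorer zone model.
#
# Assumptions about the registry layout (not stated on the page):
#   - per-user zone settings live under
#     HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<n>
#   - the "Font download" action is the DWORD value named 1604
#   - 0 = Enable, 1 = Prompt, 3 = Disable
# Function and parameter names are this example's own.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # 'Prompt' (1) or 'Disable' (3): the two settings the bulletin recommends
    [ValidateSet('Prompt', 'Disable')]
    [string]$Desired = 'Prompt',
    # Audit only unless -Apply is given
    [switch]$Apply
)

$ZoneBase  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$FontValue = '1604'
$Zones     = @{ 1 = 'Local Intranet'; 3 = 'Internet' }
$Labels    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$Codes     = @{ Prompt = 1; Disable = 3 }
$DesiredCode = $Codes[$Desired]

function Get-FontDownloadSetting {
    param([int]$ZoneId)
    $key  = Join-Path $ZoneBase $ZoneId
    $item = Get-ItemProperty -Path $key -Name $FontValue -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent: the zone default applies
    return [int]$item.$FontValue
}

function Test-FontDownloadMitigated {
    param([int]$ZoneId)
    $code = Get-FontDownloadSetting -ZoneId $ZoneId
    # Only an explicit Prompt (1) or Disable (3) counts as mitigated
    return ($code -eq 1 -or $code -eq 3)
}

foreach ($zoneId in ($Zones.Keys | Sort-Object)) {
    $name  = $Zones[$zoneId]
    $code  = Get-FontDownloadSetting -ZoneId $zoneId
    $label = if ($null -eq $code) { 'not set (zone default)' } else { $Labels[$code] }
    Write-Output ("{0,-15} zone {1}: Font download = {2}" -f $name, $zoneId, $label)

    if ($Apply -and -not (Test-FontDownloadMitigated -ZoneId $zoneId)) {
        $key = Join-Path $ZoneBase $zoneId
        if ($PSCmdlet.ShouldProcess("$name zone ($key)", "Set $FontValue to $Desired")) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name $FontValue -Value $DesiredCode -Type DWord
            Write-Output ("{0,-15} zone {1}: set to {2}" -f $name, $zoneId, $Desired)
        }
    }
}
```

Run it with no arguments to report the current setting for both zones; add -Apply (and -WhatIf to preview) to set zones that are still at Enable or unset. Two caveats: a value that is absent means the zone's built-in default applies, which the script reports rather than guesses, and a Group Policy entry under HKLM can override the per-user value, so a machine under policy should be checked against the policy as well.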

Systems Affected

Vendor                 Status    Date Notified   Date Updated
Microsoft Corporation  Affected  -               10 Jan 2006

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A



This vulnerability was reported in Microsoft Security Bulletin MS06-002. Microsoft credits eEye Digital Security with providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0010
  • Date Public: 10 Jan 2006
  • Date First Published: 10 Jan 2006
  • Date Last Updated: 10 Jan 2006
  • Severity Metric: 10.69
  • Document Revision: 24

