A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded web fonts. The overflow exists due to a lack of validation on compressed embedded web fonts. A remote attacker may be able to trigger the buffer overflow by persuading a user to access a web page or HTML email containing a specially crafted embedded web font.
For more information about affected versions of Microsoft Windows, please refer to MS06-002.
A remote attacker may be able to execute arbitrary code with the privileges of the attacked user account.
Apply an update
In addition Microsoft suggests the following workarounds to mitigate this vulnerability:
Please see Microsoft Security Bulletin MS06-002 for details on these workarounds.
This vulnerability was reported in Microsoft Security Bulletin MS06-002. Microsoft credits eEye Digital Security with providing information regarding this issue.
This document was written by Jeff Gennari.
|Date First Published:||2006-01-10|
|Date Last Updated:||2006-01-10 20:31 UTC|