search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft embedded web font buffer overflow

Vulnerability Note VU#915930

Original Release Date: 2006-01-10 | Last Revised: 2006-01-10


A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.


Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded web fonts. The overflow exists due to a lack of validation on compressed embedded web fonts. A remote attacker may be able to trigger the buffer overflow by persuading a user to access a web page or HTML email containing a specially crafted embedded web font.

For more information about affected versions of Microsoft Windows, please refer to MS06-002.


A remote attacker may be able to execute arbitrary code with the privileges of the attacked user account.


Apply an update
Microsoft Security Bulletin MS06-002 contains an update to correct this vulnerability.

In addition Microsoft suggests the following workarounds to mitigate this vulnerability:

    • Read and send email in plain text format
    • Configure Font Download to “Prompt or Disable” in the Internet and Local Intranet Zones.

Please see Microsoft Security Bulletin MS06-002 for details on these workarounds.

Vendor Information


Microsoft Corporation Affected

Updated:  January 10, 2006



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Please see

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was reported in Microsoft Security Bulletin MS06-002. Microsoft credits eEye Digital Security with providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2006-0010
Severity Metric: 10.69
Date Public: 2006-01-10
Date First Published: 2006-01-10
Date Last Updated: 2006-01-10 20:31 UTC
Document Revision: 34

Sponsored by CISA.