search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft embedded web font buffer overflow

Vulnerability Note VU#915930

Original Release Date: 2006-01-10 | Last Revised: 2006-01-10

Overview

A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded web fonts. The overflow exists due to a lack of validation on compressed embedded web fonts. A remote attacker may be able to trigger the buffer overflow by persuading a user to access a web page or HTML email containing a specially crafted embedded web font.

For more information about affected versions of Microsoft Windows, please refer to MS06-002.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the attacked user account.

Solution

Apply an update
Microsoft Security Bulletin MS06-002 contains an update to correct this vulnerability.

In addition Microsoft suggests the following workarounds to mitigate this vulnerability:

    • Read and send email in plain text format
    • Configure Font Download to “Prompt or Disable” in the Internet and Local Intranet Zones.

Please see Microsoft Security Bulletin MS06-002 for details on these workarounds.

Vendor Information

915930
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  January 10, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.microsoft.com/technet/security/bulletin/ms06-002.mspx

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was reported in Microsoft Security Bulletin MS06-002 Microsoft credits eEye Digital Security with providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2006-0010
Severity Metric: 10.69
Date Public: 2006-01-10
Date First Published: 2006-01-10
Date Last Updated: 2006-01-10 20:31 UTC
Document Revision: 24

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.