Microsoft Windows Embedded Web Font processing vulnerability

Date Discovered: January 10, 2006
Date Published: January 10, 2006
Last Updated: January 10, 2006

Threat Assessment

Overall Risk: Medium
Impact: High
Popularity: High
Simplicity: Low

Vulnerability Description

Vulnerability ID: 33734
Discovered By: eEye Digital Security
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: Remote attackers can execute arbitrary code.
Root Cause: Software Vulnerability

Microsoft Windows contains a vulnerability that can allow an attacker to execute arbitrary code. The vulnerability is due to improper handling of embedded Web fonts. An attacker can exploit it by creating a web site or sending an HTML-formatted email message that corrupts system memory when a victim is enticed into viewing it.

Recommendations

Install the Microsoft update KB908519 (security bulletin MS06-002):

http://download.microsoft.com/download/c/d/4/cd485501-656e-4f23-a196-20a4106547b4/WindowsXP-KB908519-x86-ENU.exe
http://download.microsoft.com/download/2/2/2/222668df-5bc2-4523-b575-204ab5081f6e/WindowsServer2003-KB908519-x86-ENU.exe

Affected Technologies

Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 IT
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 IT
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 IT
Microsoft: Microsoft Windows Server 2003 64-Bit Edition IA64 64 EN
Microsoft: Microsoft Windows Server 2003 64-Bit Edition SP1 IA64 64 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 EN
Microsoft: Microsoft Windows XP Home Edition SP1 x86 32 DE
Microsoft: Microsoft Windows XP Home Edition SP1 x86 32 EN
Microsoft: Microsoft Windows XP Home Edition SP1 x86 32 ES
Microsoft: Microsoft Windows XP Home Edition SP1 x86 32 FR
Microsoft: Microsoft Windows XP Home Edition SP1 x86 32 IT
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 DE
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 EN
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 ES
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 FR
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 IT
Microsoft: Microsoft Windows XP Professional SP1 x86 32 DE
Microsoft: Microsoft Windows XP Professional SP1 x86 32 EN
Microsoft: Microsoft Windows XP Professional SP1 x86 32 ES
Microsoft: Microsoft Windows XP Professional SP1 x86 32 FR
Microsoft: Microsoft Windows XP Professional SP1 x86 32 IT
Microsoft: Microsoft Windows XP Professional SP2 x86 32 DE
Microsoft: Microsoft Windows XP Professional SP2 x86 32 EN
Microsoft: Microsoft Windows XP Professional SP2 x86 32 ES
Microsoft: Microsoft Windows XP Professional SP2 x86 32 FR
Microsoft: Microsoft Windows XP Professional SP2 x86 32 IT
Microsoft: Windows Server 2003 Enterprise Edition ES
Microsoft: Windows Server 2003 Enterprise Edition FR
Microsoft: Windows Server 2003 Enterprise Edition IT
Microsoft: Windows Server 2003 Enterprise Edition SP1 x86 32 DE
Microsoft: Windows Server 2003 Enterprise Edition SP1 x86 32 EN
Microsoft: Windows Server 2003 Enterprise Edition x86 32 DE
Microsoft: Windows Server 2003 Enterprise Edition, 64-bit
Microsoft: Windows Server 2003 Standard Edition DE
Microsoft: Windows Server 2003 Standard Edition DE SP1
Microsoft: Windows Server 2003 Standard Edition ES
Microsoft: Windows Server 2003 Standard Edition FR
Microsoft: Windows Server 2003 Standard Edition IT
Microsoft: Windows Server 2003 Standard Edition SP1 x86 32 EN-US
Microsoft: Windows Server 2003 Web Edition DE
Microsoft: Windows Server 2003 Web Edition ES
Microsoft: Windows Server 2003 Web Edition FR
Microsoft: Windows Server 2003 Web Edition IT
Microsoft: Windows Server 2003 Web Edition SP1
Microsoft: Windows XP Professional x64 Edition

References

Microsoft: MS06-002
Mitre CVE: CVE-2006-0010
More information on CA Vulnerability Information Center
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33734
