Security Advisory
  • Microsoft Windows Embedded OpenType Font Engine Vulnerability Reported Date: 13-01-10
Rated Level: Critical
Impact: System Access,Remotely Exploitable
Affected Software: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP
Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow error in the decompression of Embedded OpenType (EOT) fonts. This can be exploited to corrupt memory via a specially crafted EOT font.

Successful exploitation may allow execution of arbitrary code when a user e.g. visits a malicious website.


Note: The vendor credits Tavis Ormandy, Google.
Solution: Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=47f85cbd-282e-4c92-9809-68bba49e0a12

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/de...=793a6b3f-7660-40be-b7d5-7b0eec55e1cd

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/de...=31609ce9-656a-4f7d-a501-709a31ca34c3

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/de...=e1d6e338-dea9-458e-b35d-796e069d74d7

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/de...=ddbcf231-9fde-4dc2-ad04-a01b69d1a980

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=c71a13cf-7e2f-4b02-8684-1a4e4b46ddda

Windows Vista (optionally with SP1/SP2):
http://www.microsoft.com/downloads/de...=6387228c-eedc-4511-b3c6-8922606f4c84

Windows Vista x64 Edition (optionally with SP1/SP2):
http://www.microsoft.com/downloads/de...=7b4f5089-13b1-421b-a00b-22632bba4229

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=e175c436-37e0-497f-8b7f-6cacaa25ad7c

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=1b10a177-fd45-406f-8edc-b8d4b84881b7

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/de...=e8bc9a24-a794-4827-a6bb-785c6b2189f4

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/de...=75491ad0-40a6-4efb-9574-d82210f6d0da

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/de...=8a53f0e9-0616-440e-90f2-a12524e1bee4

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/de...=308166e4-571b-4d6c-bd9f-3ed4afa4eafe

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=1d0da42b-9755-4fd2-afd1-0d023d187133
Original Advisory: MS10-001 (KB972270):
http://www.microsoft.com/technet/security/Bulletin/MS10-001.mspx
References: http://secunia.com/advisories/cve_reference/CVE-2010-0018/
Feedback: If you have additional information or corrections for this security advisory please contact us at advisory(at)triviasecurity.org

Security Advisories by Month (2010)
Mar (3) Jan (8)
TS Promotion
Software Security Tools
Latest Exploit Codes
TS Information
About Trivia Security
Frequently Asked Questions
TS Announcements
Terms of service
Site Map
Search
Security
Phishing Scams
Advisories
Exploits
News & Headlines
xss playground
Web Proxy
Proxy List
War Games
Encrypt
InfoSec Library
Latest Library Articles
Video Library
Top Articles
Browse Library
Soft-Tools
Latest Tools
Top Downloads
Browse Tools Archive
Forums
Login
Register
Search
Latest Topics
Links
Affiliates
TS Top Sites
Recomended Sites