CVE-2006-0010

Description

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126

https://exchange.xforce.ibmcloud.com/vulnerabilities/23922

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525

http://www.vupen.com/english/advisories/2006/0118

http://www.us-cert.gov/cas/techalerts/TA06-010A.html

http://www.securityfocus.com/bid/16194

http://www.securityfocus.com/archive/1/421885/100/0/threaded

http://www.osvdb.org/18829

http://www.kb.cert.org/vuls/id/915930

http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html

http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm

http://securitytracker.com/id?1015459

http://secunia.com/advisories/18391

http://secunia.com/advisories/18365

http://secunia.com/advisories/18311

http://seclists.org/fulldisclosure/2006/Jan/363

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3