CVE Reference: CVE-2006-0010
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-0010

Description:
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/23922

VULNWATCH

ST
  1015459

SAID
  Secunia Advisory: SA18365
  Secunia Advisory: SA18391
  Secunia Advisory: SA18311

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:698
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1491
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1462
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1185
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1126
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:714

OSVDB
  18829

MS
  http://www.microsoft.com/technet/security/bulletin/ms06-002.mspx

MISC
  http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525

FULLDISC

EEYE
  http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm

CERT-VN
  915930

CERT
  http://www.us-cert.gov/cas/techalerts/TA06-010A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/421885/100/0/threaded

BID
  16194

