CVE-2006-0010

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 Microsoft Windows 98 Microsoft Windows ME

Description: A heap-based buffer overflow issue exists due to the way Windows handles malformed embedded Web fonts, specifically Embedded Open Type (EOT) web fonts. This could allow remote attackers to execute arbitrary code via an e-mail message or web page with a crafted EOT web font. An attacker who successfully exploits this issue could take complete control of an affected system.

Recommendations: For Microsoft Windows 2000, apply the necessary patch to update to at least SP4. For Microsoft Windows XP, apply the necessary patch to update to at least SP3. For Microsoft Windows Server 2003, apply the necessary patch to update to at least SP2. For Microsoft Windows 98 and ME, consider upgrading to a newer version of Windows, as these versions are no longer supported. As a temporary workaround, consider restricting access to embedded Web fonts until a patch is available.