PT-2009-2907 · Microsoft · Windows

Thomas Garnier · Published 2009-07-15 · Updated 2023-12-07 · CVE-2009-0232

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version

Description

The issue is related to an integer overflow in the Embedded OpenType (EOT) Font Engine, allowing remote attackers to execute arbitrary code via a crafted name table. A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses name tables in specially crafted embedded fonts. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Recommendations

For Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2, update to a version that includes the fix for the Embedded OpenType Font Integer Overflow issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-0232

Affected Products

Windows