CVE-2010-0018

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2

Description The issue is related to an integer overflow in the Embedded OpenType (EOT) Font Engine, which allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font. This vulnerability can be exploited to take complete control of an affected system, enabling actions such as installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system compared to those operating with administrative user rights.

Recommendations For Windows 2000 SP4, consider applying the relevant security update to address the issue. For Windows XP SP2 and SP3, apply the security update to resolve the vulnerability. For Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, ensure that the latest security patches are installed to mitigate the risk. As a temporary workaround, consider restricting the use of the Embedded OpenType (EOT) Font Engine until a patch is available.