CVE-2010-1883

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description A remote code execution issue exists in the way Microsoft Windows Embedded OpenType (EOT) font technology parses certain tables in specially crafted embedded fonts. This allows remote attackers to execute arbitrary code via a crafted table in an embedded font. If a user is logged on with administrative user rights, an attacker who successfully exploited this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations For Microsoft Windows, update to a version that includes the fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting the use of embedded fonts in sensitive environments until a patch is available.