PT-2010-4254 · Microsoft · Office +1

Carsten Book +1 · Published 2010-09-15 · Updated 2023-12-07 · CVE-2010-2738

CVSS v2.0

9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2
Microsoft Office versions XP SP3, 2003 SP3, and 2007 SP2

Description

A remote code execution issue exists due to the incorrect parsing of specific font types by Microsoft Windows and Microsoft Office. This could allow an attacker to execute arbitrary code via a crafted web site or Office document. An attacker who successfully exploits this issue could run arbitrary code as the logged-on user.

Recommendations

For Microsoft Windows versions XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, update to a version that correctly parses font types to prevent remote code execution.
For Microsoft Office versions XP SP3, 2003 SP3, and 2007 SP2, update to a version that correctly parses font types to prevent remote code execution.
As a temporary workaround, consider restricting the use of potentially malicious font types in Microsoft Windows and Microsoft Office until a patch is available.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-2738

Affected Products

Office
Windows