[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-0010

Date: (C)2006-01-10   (M)2017-07-18 


Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1015459
BID-16194
SECUNIA-18311
SECUNIA-18365
SECUNIA-18391
OSVDB-18829
http://www.securityfocus.com/archive/1/archive/1/421885/100/0/threaded
ADV-2006-0118
EEYEB20050801
MS06-002
TA06-010A
VU#915930
http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525
win-embedded-fonts-bo(23922)

CPE    60
cpe:/o:microsoft:windows_nt:3.5.1:sp5:alpha
cpe:/o:microsoft:windows_nt:3.5.1
cpe:/o:microsoft:windows_nt:3.5.1:sp5
cpe:/o:microsoft:windows_nt:3.5.1:sp4
...
CWE    1
CWE-119
OVAL    6
oval:org.mitre.oval:def:1462
oval:org.mitre.oval:def:1185
oval:org.mitre.oval:def:714
oval:org.mitre.oval:def:698
...

© 2013 SecPod Technologies