[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110507

 
 

909

 
 

86504

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2006-0010Date: (C)2006-01-10   (M)2018-05-03


Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1015459
BID-16194
SECUNIA-18311
SECUNIA-18365
SECUNIA-18391
OSVDB-18829
http://www.securityfocus.com/archive/1/archive/1/421885/100/0/threaded
ADV-2006-0118
EEYEB20050801
MS06-002
TA06-010A
VU#915930
http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525
win-embedded-fonts-bo(23922)

CPE    60
cpe:/o:microsoft:windows_nt:3.5.1
cpe:/o:microsoft:windows_nt:3.5.1:sp2
cpe:/o:microsoft:windows_nt:3.5.1:sp1
cpe:/o:microsoft:windows_nt:4.0:sp2
...
CWE    1
CWE-119
OVAL    6
oval:org.mitre.oval:def:1462
oval:org.mitre.oval:def:1185
oval:org.mitre.oval:def:714
oval:org.mitre.oval:def:698
...

© SecPod Technologies