Remote Code Execution Vulnerabilities in the Embedded OpenType Font Engine - MS09-029ID: oval:org.secpod.oval:def:2577 | Date: (C)2011-10-20 (M)2024-02-15 |
Class: PATCH | Family: windows |
The host is missing a critical security update according to Microsoft security bulletin, MS09-029. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Windows component, the Embedded OpenType (EOT) Font Engine, which fails to parse data records, name tables and content containing specially crafted embedded fonts. Successful exploitation could allow an attacker to gain the user rights and take complete control of an affected system.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |