CVE - CVE-2006-0010

CVE-ID
CVE-2006-0010	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:16194 URL:http://www.securityfocus.com/bid/16194 BUGTRAQ:20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/421885/100/0/threaded CERT:TA06-010A URL:http://www.us-cert.gov/cas/techalerts/TA06-010A.html CERT-VN:VU#915930 URL:http://www.kb.cert.org/vuls/id/915930 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm EEYE:EEYEB20050801 URL:~~http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html~~ (Obsolete source) FULLDISC:20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability URL:http://seclists.org/fulldisclosure/2006/Jan/363 MISC:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525 MS:MS06-002 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002 OSVDB:18829 URL:~~http://www.osvdb.org/18829~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:1126 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126 OVAL:oval:org.mitre.oval:def:1185 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185 OVAL:oval:org.mitre.oval:def:1462 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462 OVAL:oval:org.mitre.oval:def:1491 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491 OVAL:oval:org.mitre.oval:def:698 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698 OVAL:oval:org.mitre.oval:def:714 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714 SECTRACK:1015459 URL:http://securitytracker.com/id?1015459 SECUNIA:18311 URL:http://secunia.com/advisories/18311 SECUNIA:18365 URL:http://secunia.com/advisories/18365 SECUNIA:18391 URL:http://secunia.com/advisories/18391 VULNWATCH:20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability VUPEN:ADV-2006-0118 URL:~~http://www.vupen.com/english/advisories/2006/0118~~ (Obsolete source) XF:win-embedded-fonts-bo(23922) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/23922
Assigning CNA
Microsoft Corporation
Date Record Created
20051109	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051109)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)