{"vuid":"VU#915930","idnumber":"915930","name":"Microsoft embedded web font buffer overflow","keywords":["MS06-002","embedded web fonts","embedded fonts","buffer overflow","heap"],"overview":"A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded web fonts. The overflow exists due to a lack of validation on compressed embedded web fonts. A remote attacker may be able to trigger the buffer overflow by persuading a user to access a web page or HTML email containing a specially crafted embedded web font. For more information about affected versions of Microsoft Windows, please refer to MS06-002.","impact":"A remote attacker may be able to execute arbitrary code with the privileges of the attacked user account.","resolution":"Apply an update \nMicrosoft Security Bulletin MS06-002 contains an update to correct this vulnerability.","workarounds":"In addition Microsoft suggests the following workarounds to mitigate this vulnerability: Read and send email in plain text format\nConfigure Font Download to “Prompt or Disable” in the Internet and Local Intranet Zones. Please see Microsoft Security Bulletin MS06-002 for details on these workarounds.","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin MS06-002 Microsoft credits \neEye Digital Security with providing information regarding this issue.","author":"This document was written by Jeff Gennari.","public":["http://www.microsoft.com/technet/security/bulletin/ms06-002.mspx","http://www.microsoft.com/typography/web/embedding/"],"cveids":["CVE-2006-0010"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-01-10T19:40:55Z","publicdate":"2006-01-10T00:00:00Z","datefirstpublished":"2006-01-10T20:26:29Z","dateupdated":"2006-01-10T20:31:11Z","revision":34,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"10.6875","cam_scorecurrentwidelyknown":"13.359375","cam_scorecurrentwidelyknownexploited":"24.046875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.6875,"vulnote":null}