{"vuid":"VU#943749","idnumber":"943749","name":"Microsoft font processing buffer overflow vulnerability","keywords":["Microsoft","MS05-018"],"overview":"A privilege elevation vulnerability exists in the way that Microsoft Windows processes certain fonts. This vulnerability could allow a logged on user to take complete control of the system.","clean_desc":"Due to an unchecked buffer in the processing of malicious fonts, a locally authenticated user could take complete control of an affected system. Microsoft indicates that this vulnerability could not be exploited remotely.","impact":"A locally authenticated user could potentially execute arbitrary code with elevated privileges and gain complete control of the system. Microsoft indicates that attempts to exploit this vulnerability on systems running Windows XP Service pack 2 would most likely result in a denial-of-service condition.","resolution":"Apply a patch Microsoft has published Microsoft Security Bulletin MS05-018 in response to this issue. Users are strongly encouraged to review this advisory and apply the patches it refers to.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft who in turn thank John Heasman with Next Generation Security Software Ltd. for reporting the Font Vulnerability.","author":"This document was written by Robert Mead based on information provided by Microsoft.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","M","S","0","5","-","0","1","8",".","m","s","p","x"],"cveids":["CVE-2005-0060"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-04-12T19:50:09Z","publicdate":"2005-04-12T00:00:00Z","datefirstpublished":"2005-04-13T21:43:49Z","dateupdated":"2005-05-12T18:49:15Z","revision":19,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"20","cam_impact":"18","cam_easeofexploitation":"2","cam_attackeraccessrequired":"10","cam_scorecurrent":"2.43","cam_scorecurrentwidelyknown":"3.105","cam_scorecurrentwidelyknownexploited":"5.805","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.43,"vulnote":null}