Executive Summary
Summary | |
---|---|
Title | Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132) |
Informations | |||
---|---|---|---|
Name | MS10-076 | First vendor Publication | 2010-10-12 |
Vendor | Microsoft | Last vendor Modification | 2010-10-12 |
Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-076.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6881 | |||
Oval ID: | oval:org.mitre.oval:def:6881 | ||
Title: | Embedded OpenType Font Integer Overflow Vulnerability | ||
Description: | Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1883 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-10-13 | Name : Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132) File : nvt/secpod_ms10-076.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68553 | Microsoft Windows t2embed.dll Embedded OpenType Font Parsing hdmx Record Pars... Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is caused due to an integer overflow error within t2embed.dll when parsing hdmx records in an Embedded OpenType (EOT) font file and can be exploited to corrupt memory by e.g. tricking a user into visiting a web site containing a specially crafted file. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-10-14 | IAVM : 2010-A-0135 - Microsoft Windows Embedded OpenType Font Engine Vulnerability Severity : Category I - VMSKEY : V0025528 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows embedded OpenType EOT font integer overflow attempt RuleID : 19308 - Revision : 16 - Type : FILE-OTHER |
2014-01-10 | Microsoft Internet Explorer compressed HDMX font processing integer overflow ... RuleID : 17747 - Revision : 16 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-13 | Name : It is possible to execute arbitrary code on the remote Windows host using the... File : smb_nt_ms10-076.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:43 |
|
2014-01-19 21:30:32 |
|
2013-11-11 12:41:19 |
|