Executive Summary
Summary | |
---|---|
Title | Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) |
Informations | |||
---|---|---|---|
Name | MS10-001 | First vendor Publication | 2010-01-12 |
Vendor | Microsoft | Last vendor Modification | 2011-01-19 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (January 19, 2011): Added a link to Microsoft Knowledge Base Article 972270 under Known Issues in the Executive Summary.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-001.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8324 | |||
Oval ID: | oval:org.mitre.oval:def:8324 | ||
Title: | Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability | ||
Description: | Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0018 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-01-13 | Name : Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities... File : nvt/secpod_ms10-001.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61651 | Microsoft Windows Embedded OpenType Font Engine LZCOMP Decompressor Font Hand... Microsoft Windows is prone to an overflow condition. The Embedded Open Type font engine (OET) fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted font file, a remote attacker can potentially cause arbitrary code execution. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-18 | Microsoft Windows embedded OpenType font engine LZX decompression buffer over... RuleID : 29014 - Revision : 4 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows embedded OpenType font engine LZX decompression buffer over... RuleID : 16366 - Revision : 13 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-01-12 | Name : It is possible to execute arbitrary code on the remote Windows host using the... File : smb_nt_ms10-001.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:26 |
|
2014-01-19 21:30:25 |
|