CVE-2006-0010 Information

Description

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4 XP SP1 and SP2 and Server 2003 up to SP1 Windows 98 and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

Reference

http://seclists.org/fulldisclosure/2006/Jan/363 http://secunia.com/advisories/18311 http://secunia.com/advisories/18365 http://secunia.com/advisories/18391 http://securitytracker.com/id?1015459 http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html http://www.kb.cert.org/vuls/id/915930 http://www.osvdb.org/18829 http://www.securityfocus.com/archive/1/421885/100/0/threaded http://www.securityfocus.com/bid/16194 http://www.us-cert.gov/cas/techalerts/TA06-010A.html http://www.vupen.com/english/advisories/2006/0118 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/23922 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1126 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1185 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1462 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1491 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A698 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A714