Windows Vulnerability in Embedded Web Fonts

Malwarebytes Anti-Malware
Microsoft released a patch on January 10, 2006 to correct a vulnerability in the way windows handles embedded web fonts. The vulnerability was discovered by eEye Digital Security.

Security Update for Windows XP (KB908519)

Size: 182 KB - 583 KB

A security issue has been identified that could allow an attacker to compromise your Microsoft Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

More information for this update can be found at
http://go.microsoft.com/fwlink/?LinkId=55919

Microsoft Security Bulletin MS06-002

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability.

An attacker who successfully exploited this vulnerability could take control of an affected system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We recommend that customers apply the update immediately.

Severity Ratings and Vulnerability Identifiers:

Vulnerability Identifiers Impact of Vulnerability Windows 98, 98 SE, ME Windows 2000 Windows XP Service Pack 1 Windows XP Service Pack 2 Windows Server 2003 Windows Server 2003 Service Pack 1
Windows Embedded Web Font Vulnerability - CVE-2006-0010 Remote Code Execution Critical Critical Critical Critical Important Important

References:

  1. Microsoft Security Bulletin MS06-002
    Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
    Microsoft Corporation
    Published: January 10, 2006
  2. Microsoft font embedding
    TechEncyclopedia
  3. Microsoft Issues Patches for Critical Vulnerabilities
    By Tom Sanders
    VNUNet.com
    Published in E-Commerce News
    January 11, 2006

 

TechRabbit ad 300x250 newegg.com

Justdeals Daily Electronics Deals1x1 px

Valid HTML 4.01 Transitional

Created: Wednesday January 11, 2006