iPolicy Networks Security Advisory
 

Microsoft Windows EOT Font Engine Remote Code Execution Vulnerability

Date Discovered: 01/12/2010
Severity: High
Operating System: Microsoft Windows
Applications Affected: EOT Font Engine
Type: Remote
Identifiers: CVE-2010-0018
Synopsis
The Microsoft Windows EOT Font Engine is prone to a remote code execution vulnerability in the way the engine handles a specially crafted EOT font tag. After successful exploitation, a remote attacker can execute arbitrary code in the security context of the logged-in user.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
Threat Analysis
Embedded OpenType (EOT) fonts are a compact form of fonts used for embedding in documents or on Web pages. These fonts can be used in different types of documents.

The EOT Font Engine is prone to a remote code execution vulnerability. The vulnerability exists when this application handles a malformed, crafted EOT font tag, and it is based on the LZX decompression routine. Successful exploitation allows a remote attacker to execute arbitrary code in the security context of the logged-in user.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0018

Write-up by: Gaurav Bajpai