Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-0231
Last Modified 21 Aug 2010 12:00:00
Published 15 Jul 2009 11:30:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0231

Summary

The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Vista

  • Microsoft Windows Vista -

  • Microsoft Windows XP


References

CERT - TA09-195A

MS - MS09-029

VUPEN - ADV-2009-1887

SECTRACK - 1022543

OSVDB - 55842

IDEFENSE - 20090714 Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability

Related Patches

MS09-029 961371 Security Update for Embedded OpenType Font Engine

MS09-029 961371 Security Update for Embedded OpenType Font Engine (Vista) (All Languages)


Last Updated: 27 May 2016 10:50:10