Heap-based buffer overflow in Microsoft Windows products
CVE-2006-0010

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows Xp; Windows 2003 Server; Windows 2000
Vendor: CVE Published:; 10 January 2006

What is CVE-2006-0010?

This vulnerability exists within the T2EMBED.DLL file in various versions of Microsoft Windows, allowing remote attackers to trigger a heap-based buffer overflow via a specially crafted Embedded Open Type (EOT) web font. This can be executed through malicious email messages or compromised web pages, leading to potential arbitrary code execution on the affected systems.

References

http://seclists.org/fulldisclosure/2006/Jan/363

mailing-listx_refsource_FULLDISC

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.js...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/915930

third-party-advisoryx_refsource_CERT-VN

EPSS Score

67% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2006
Vulnerability Reserved
Nov 9, 2005