TITLE: Microsoft Windows Embedded Web Fonts Arbitrary Code Execution Vulnerability SECUNIA ADVISORY ID: SA18365 VERIFY ADVISORY: http://secunia.com/advisories/18365/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows XP Professional http://secunia.com/product/22/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error when handling malformed embedded Web fonts. This can be exploited to execute arbitrary code when a user visits a malicious website or views an e-mail message that contains a specially-crafted embedded Web font. SOLUTION: Apply patches. Microsoft Windows 2000 (requires Service Pack 4): http://www.microsoft.com/downloads/details.aspx?FamilyId=DC6C2FE8-3C81-4661-994B-4146775BF590 Microsoft Windows XP (requires Service Pack 1 or 2): http://www.microsoft.com/downloads/details.aspx?FamilyId=6DAEA2AF-3723-4CDF-B5BD-B21AC75B5243 Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=1990B2CF-AE88-4849-AEAB-3F833969E197 Microsoft Windows Server 2003 (with or without Service Pack 1): http://www.microsoft.com/downloads/details.aspx?FamilyId=5FC12654-486F-45BF-8D34-BDF0998869C5 Microsoft Windows Server 2003 (Itanium) (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=E39D2E29-8934-4AA1-844D-11EFA57D9CC5 Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=80B05C56-5BCE-4262-8142-AF0D8A7BC388 See vendor's advisory for information about Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). PROVIDED AND/OR DISCOVERED BY: The vendor credits eEye Digital Security. ORIGINAL ADVISORY: MS06-002 (KB908519): http://www.microsoft.com/technet/security/Bulletin/MS06-002.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------