CVE-2009-0231 - Incorrect Conversion between Numeric Types vulnerability in Microsoft products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 11 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS09-029 |
bulletin_url | |
date | 2009-07-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 961371 |
knowledgebase_url | |
severity | Critical |
title | Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS09-029.NASL |
description | The remote Windows host contains a version of the Embedded OpenType (EOT) Font Engine that is affected by multiple buffer overflow vulnerabilities due to the way the EOT font technology parses name tables in specially crafted embedded fonts. If an attacker can trick a user on the affected system into viewing content rendered in a specially crafted EOT font, these issues could be leveraged to execute arbitrary code subject to the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39792 |
published | 2009-07-14 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39792 |
title | MS09-029: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) |
Oval
accepted | 2011-10-31T04:04:09.282-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:5457 |
status | accepted |
submitted | 2009-07-14T13:00:00 |
title | Embedded OpenType Font Heap Overflow Vulnerability |
version | 73 |
References
- http://www.vupen.com/english/advisories/2009/1887
- http://www.securitytracker.com/id?1022543
- http://osvdb.org/55842
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5457
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-029