Vulnerabilities > CVE-2009-3020 - Unspecified vulnerability in Microsoft Windows Server 2003

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
exploit available
NVD
Published: 2009-08-31
Updated: 2024-11-21

Summary

win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
OS
Microsoft
1

Exploit-Db

descriptionMS Windows 2003 (EOT File) BSOD Crash Exploit. CVE-2009-3020. Dos exploit for windows platform
fileexploits/windows/dos/9417.txt
idEDB-ID:9417
last seen2016-02-01
modified2009-08-11
platformwindows
port
published2009-08-11
reporterwebDEViL
sourcehttps://www.exploit-db.com/download/9417/
titleMicrosoft Windows 2003 - EOT File BSOD Crash Exploit
typedos

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 36029 CVE(CAN) ID: CVE-2009-3020 Microsoft Windows是微软开发的非常流行的操作系统。 Windows Server 2003 SP2的嵌入式OpenType(EOT)字体引擎所使用的win32k.sys驱动中存在拒绝服务漏洞。如果用户受骗打开的HTML文档中@font- face CSS规则的src描述符引用了特制的.eot文件,就可能导致系统崩溃。 Microsoft Windows Server 2003 SP2 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/technet/security/
idSSV:12170
last seen2017-11-19
modified2009-09-02
published2009-09-02
reporterRoot
titleMicrosoft Windows嵌入式OpenType字体引擎拒绝服务漏洞

References