Vulnerabilities > CVE-2009-3020 - Denial-Of-Service vulnerability in Windows Server 2003 Enterprise Edition Itanium
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Exploit-Db
| description | MS Windows 2003 (EOT File) BSOD Crash Exploit. CVE-2009-3020. Dos exploit for windows platform |
| file | exploits/windows/dos/9417.txt |
| id | EDB-ID:9417 |
| last seen | 2016-02-01 |
| modified | 2009-08-11 |
| platform | windows |
| port | |
| published | 2009-08-11 |
| reporter | webDEViL |
| source | https://www.exploit-db.com/download/9417/ |
| title | Microsoft Windows 2003 - EOT File BSOD Crash Exploit |
| type | dos |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 36029 CVE(CAN) ID: CVE-2009-3020 Microsoft Windows是微软开发的非常流行的操作系统。 Windows Server 2003 SP2的嵌入式OpenType(EOT)字体引擎所使用的win32k.sys驱动中存在拒绝服务漏洞。如果用户受骗打开的HTML文档中@font- face CSS规则的src描述符引用了特制的.eot文件,就可能导致系统崩溃。 Microsoft Windows Server 2003 SP2 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/technet/security/ |
| id | SSV:12170 |
| last seen | 2017-11-19 |
| modified | 2009-09-02 |
| published | 2009-09-02 |
| reporter | Root |
| title | Microsoft Windows嵌入式OpenType字体引擎拒绝服务漏洞 |