3 matches found
Microsoft Embedded OpenType EOT Font Integer Overflow (MS10-076; CVE-2010-1883)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an integer overflow in the Microsoft Windows EOT component, when parsing certain tables within specially crafted files and content containing embedded fonts. A remote attacker may exploit thi...
Microsoft Windows嵌入式OpenType字体引擎整数溢出漏洞(MS10-076)
BUGTRAQ ID: 43775 CVE ID: CVE-2010-1883 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的t2embed.dll库中在将嵌入式OpenType文件转换为TrueType格式时存在整数溢出漏洞。在解析hdmx记录时,盲目的信任了记录大小和记录计数变量,并将所生成的值在拷贝循环中使用,这可能导致执行任意代码。 Microsoft Windows XP SP3 Microsoft Windows XP Pro x64版SP2 Microsoft Windows Vista SP2 Microsoft Windows...
CVE-2010-1883
CVE-2010-1883 describes an integer overflow in the Microsoft Windows Embedded OpenType (EOT) Font Engine that could allow remote code execution. The vulnerability occurs when parsing certain tables in embedded fonts (notably during handling of the hdmx records) and affects multiple Windows produc...