105 matches found
CVE-2017-11835
Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font...
CVE-2017-11832
The Microsoft Windows embedded OpenType EOT font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially...
CVE-2017-11832
CVE-2017-11832/11835 relate to the Microsoft Windows Embedded OpenType (EOT) font engine. Affected products include Windows 7 SP1, Windows Server 2008 SP2/R2 SP1, and Windows Server 2012, where the EOT font engine parses specially crafted embedded fonts leading to information disclosure. The vuln...
KLA11136 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure...
KLA11855 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. An information...
Microsoft Windows Graphics Remote Code Execution (CVE-2017-11763)
A remote code execution vulnerability exists in Windows font library. The vulnerability is due to the way Windows font library improperly handles specially crafted embedded fonts. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted EOT file...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Integer Overflow - Ver2 (CVE-2010-0018)
An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType Font Engine. The vulnerability is due to insufficient validation while processing an EOT font. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...
Microsoft Embedded OpenType EOT Font Integer Overflow (MS10-076; CVE-2010-1883)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an integer overflow in the Microsoft Windows EOT component, when parsing certain tables within specially crafted files and content containing embedded fonts. A remote attacker may exploit thi...
CVE-2010-1883
Integer overflow in the Embedded OpenType EOT Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka...
Integer overflow
Integer overflow in the Embedded OpenType EOT Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka...
CVE-2010-1883
CVE-2010-1883 describes an integer overflow in the Microsoft Windows Embedded OpenType (EOT) Font Engine that could allow remote code execution. The vulnerability occurs when parsing certain tables in embedded fonts (notably during handling of the hdmx records) and affects multiple Windows produc...
CVE-2010-1883
Integer overflow in the Embedded OpenType EOT Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka...
Microsoft Security Bulletin MS10-076 - Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
Microsoft Security Bulletin MS10-076 - Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution 982132 Published: October 12, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in a Microsof...
Microsoft Windows Embedded OpenType Font Engine Integer Overflow Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Embedded OpenType EOT font engine. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attempts may trigger a denial-of-service conditio...
Workaround for Microsoft Embedded OpenType Font Engine Integer Overflow Vulnerability (MS10-076)
A remote code execution vulnerability has been reported in the way Microsoft Windows Embedded OpenType EOT font technology parses certain tables in specially crafted embedded fonts. Embedded OpenType EOT fonts are a compact form of fonts designed for use on web pages. A remote attacker can exploi...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Overflow (MS10-001; CVE-2010-0018)
Embedded OpenType EOT fonts are a compact form of fonts designed for use on web pages. A remote attacker can exploit these vulnerabilities via a specially crafted EOT file. Successful exploitation may allow execution of arbitrary code on a vulnerable system. An integer overflow vulnerability has...
Microsoft Windows Embedded OpenType Font Integer Overflow (MS09-029; CVE-2009-0232)
Embedded OpenType EOT fonts are a compact form of OpenType fonts designed by Microsoft for use as embedded fonts on web pages. These files usually use the extension ".eot". The Embedded OpenType EOT Font Engine is a Microsoft Windows component that enables Windows applications, such as Microsoft...
Microsoft Windows Win32k EOT Parsing Integer Overflow (MS09-065; CVE-2009-2514)
Microsoft Windows kernel, the core of the operating system, contains a device driver win32k.sys. This device driver is an important component that controls window displays, receives keyboard and device input, offers functions for graphic output devices, and provides many other valuable services...
US-CERT Technical Cyber Security Alert TA10-012B -- Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-012B Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected Microsoft Windows and Internet Explorer...
CVE-2010-0018
Integer overflow in the Embedded OpenType EOT Font Engine t2embed.dll in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via...