Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap MakeFormat12MergedGlyphList

Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap MakeFormat12MergedGlyphList -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on t...

Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList

Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the...

Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: September 11, 2018

Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: September 11, 2018 Summary A remote code execution vulnerability exists when the Windows font library handles specially crafted embedded fonts...

Microsoft Lync Remote Code Execution Vulnerabilities (2707956)

This host is missing a critical security update according to Microsoft Bulletin MS12-039. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)

This host is missing a critical security update according to Microsoft Bulletin MS12-034. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Windows嵌入式OpenType字体引擎整数溢出漏洞（MS10-076）

BUGTRAQ ID: 43775 CVE ID: CVE-2010-1883 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的t2embed.dll库中在将嵌入式OpenType文件转换为TrueType格式时存在整数溢出漏洞。在解析hdmx记录时，盲目的信任了记录大小和记录计数变量，并将所生成的值在拷贝循环中使用，这可能导致执行任意代码。 Microsoft Windows XP SP3 Microsoft Windows XP Pro x64版SP2 Microsoft Windows Vista SP2 Microsoft Windows...

Microsoft Internet Explorer EOT File hdmx Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion...

Stable Update: Fix Google Chrome not Starting

Google Chrome's Stable channel has been updated to 3.0.195.33 to fix a potential issue that could cause Google Chrome to stop working and a security issue. This release removes a dependency on a Windows library t2embed.dll that is not required by Google Chrome. If that library is missing or the...

CVE-2009-0231

CVE-2009-0231 concerns a heap-based overflow in the Embedded OpenType Font Engine (T2EMBED.DLL) used by Microsoft Windows. The vulnerability stems from an integer truncation while processing OpenType font records, allowing remote attackers to execute arbitrary code by delivering a crafted EOT/Ope...

Microsoft Embedded OpenType Font Engine "t2embed" Remote Heap Overflow

/ oh my, bad luck, eEye released the advisory few minutes ago, and I've been researching this bug since about a week, sorry, it's cancelled / NOTE: this is super initial raport, if you expect some more info mail me for the bank account number... Microsoft Embedded OpenType Font Engine "t2embed"...

[VulnWatch] [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability

EEYEB-20050801 Windows Embedded Open Type EOT Font Heap Overflow Vulnerability Release Date: January 10, 2006 Date Reported: July 31, 2005 Time to Patch: 163 Days Severity: High Code Execution Systems Affected: Windows ME Windows 98 Windows NT Windows 2000 Windows XP SP1 / SP2 Windows Server 2003...

Heap overflow

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type EOT web font that triggers the...

CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type EOT web font that triggers the...

CVE-2006-0010

CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...