Check: 2010-A-0135
windows 7 iavm:
2010-A-0135
(in version v1 r32)
Title
Microsoft Windows Embedded OpenType Font Engine Vulnerability (Cat I impact)
Discussion
Microsoft has released a Security Bulletin to address a vulnerability affecting Microsoft Windows Embedded OpenType (EOT) fonts. EOT fonts are a compact form of fonts that may be embedded in certain document formats or incorporated into Web pages. Use of EOT fonts ensures that users view the document exactly as the author intended.

To exploit this vulnerability, an attacker would host a web site containing a malicious EOT font, or send a file containing a malicious EOT font via email, and entice a user to open or preview the file. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD-related incidents.

Embedded OpenType Font Integer Overflow Vulnerability (CVE-2010-1883): A remote code execution vulnerability exists in the way that Microsoft Windows Embedded OpenType (EOT) font technology parses certain tables in specially crafted embedded fonts. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Check Content
See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-076 (982132).

Vulnerable Applications/Systems:
Windows XP SP 3
Windows XP Professional x64 Edition SP 2
Windows Server 2003 SP 2 (x86, x64 and Itanium)
Windows Vista SP 1 and SP 2 (x86 and x64)
Windows Server 2008 and Windows Server 2008 SP 2 (x86**, x64** and Itanium)
Windows 7 (x86 and x64)
Windows Server 2008 R2 (x64** and Itanium)
**Server Core installation not affected.

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

T2embed.dll
Operating system | Version |
---|---|
Windows XP SP3 | 5.1.2600.6031 |
Windows XP SP2 x64 | 5.2.3790.4766 |
Windows 2003 SP2 | 5.2.3790.4766 |
Windows Vista SP1 / 2008 | 6.0.6001.18520 or 22750 |
Windows Vista SP2 / 2008 SP2 | 6.0.6002.18301 or 22475 |
Windows 7 and 2008 R2 | Fixed by SP1 |
Windows 7 / 2008 R2 | 6.1.7600.16663 or 20788 |
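The version check above can be automated over inventory data; the following is an added example, not part of the IAVM notice or the vendor bulletin, and `check_t2embed` is a hypothetical helper name. It assumes the "X or Y" pairs are minimums for two separate servicing branches, so a file in the higher-numbered branch is compared against the higher minimum instead of passing just because it exceeds the lower one.

```python
# Minimum patched T2embed.dll revisions from the check text, keyed by
# (major, minor, build). Two entries are the "X or Y" pairs in the check.
MINIMUMS = {
    (5, 1, 2600): (6031,),          # Windows XP SP3
    (5, 2, 3790): (4766,),          # XP SP2 x64, Server 2003 SP2
    (6, 0, 6001): (18520, 22750),   # Vista SP1 / 2008
    (6, 0, 6002): (18301, 22475),   # Vista SP2 / 2008 SP2
    (6, 1, 7600): (16663, 20788),   # Windows 7 / 2008 R2
}
# The check says Windows 7 / 2008 R2 is "Fixed by SP1"; 7601 as the SP1
# build number is supplied here, it is not stated in the check text.
FIXED_BY_SP1 = (6, 1, 7601)


def check_t2embed(version):
    """Return 'PASS', 'FAIL' or 'NOT_LISTED' for a T2embed.dll file version."""
    try:
        major, minor, build, rev = (int(p) for p in version.strip().split("."))
    except ValueError:
        raise ValueError("expected a four-part version, got %r" % version) from None
    key = (major, minor, build)
    if key == FIXED_BY_SP1:
        return "PASS"
    mins = MINIMUMS.get(key)
    if mins is None:
        return "NOT_LISTED"  # not in the table: consult the vendor bulletin
    if len(mins) == 1:
        return "PASS" if rev >= mins[0] else "FAIL"
    low_min, high_min = mins
    # Assumption: the higher branch begins at the thousand boundary below
    # its minimum (22750 -> 22000), so 6.0.6001.22000 is an unpatched file
    # in that branch even though it is numerically above 18520.
    band_start = high_min // 1000 * 1000
    floor = high_min if rev >= band_start else low_min
    return "PASS" if rev >= floor else "FAIL"


if __name__ == "__main__":
    # Constructed sample versions, as read from the file's properties.
    for v in ("6.0.6001.18520", "6.0.6001.22000", "6.1.7600.16385", "6.1.7601.17514"):
        print(v, check_t2embed(v))
```
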
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-25528
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |