Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 13/01/2010 Updated: 07/12/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote malicious users to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows server 2008
microsoft windows 2003 server
microsoft windows xp
microsoft windows server 2008 -
microsoft windows xp -
microsoft windows vista
microsoft windows 2000
microsoft windows 7 -

CWE-189 http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx http://www.us-cert.gov/cas/techalerts/TA10-012B.html http://www.securityfocus.com/bid/37671 http://www.vupen.com/english/advisories/2010/0095 http://secunia.com/advisories/35457 http://www.securitytracker.com/id?1023432 http://osvdb.org/61651 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8324 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-001 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0018

Vulnerability Summary

References

Vulmon Search

About

Products

Connect