2006-01-10 23:03:00 2019-04-30 16:27:13

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
Microsoft Windows NT 3.5.1 SP4 Microsoft Windows NT 3.5.1 SP5 Microsoft Windows NT 3.5.1 SP5 alpha Microsoft Windows NT 4.0 Microsoft Windows nt 4.0 Alpha (not an official CPE) Microsoft Windows nt 4.0 Enterprise server (not an official CPE) Microsoft Windows nt 4.0 Server (not an official CPE) Microsoft Windows nt 4.0 Terminal server (not an official CPE) Microsoft Windows nt 4.0 Terminal server alpha (not an official CPE) Microsoft Windows nt 4.0 Workstation (not an official CPE) Microsoft Windows 4.0 sp1 Microsoft Windows nt 4.0 Sp1 Alpha (not an official CPE) Microsoft Windows nt 4.0 Sp1 Enterprise server (not an official CPE) Microsoft Windows 4.0 sp1 server Microsoft Windows NT Terminal Server 4.0 SP1 Microsoft Windows 4.0 sp1 workstation Microsoft Windows 4.0 sp2 Microsoft Windows nt 4.0 Sp2 Alpha (not an official CPE) Microsoft Windows nt 4.0 Sp2 Enterprise server (not an official CPE) Microsoft Windows 4.0 sp2 server Microsoft windows xp_sp2 tablet_pc Microsoft windows xp_sp2 media_center Microsoft Windows xp Sp2 Home (not an official CPE) Microsoft windows xp_sp1 media_center Microsoft Windows xp Sp1 Home (not an official CPE) Microsoft Windows XP Professional Gold Microsoft Windows xp Media center (not an official CPE) Microsoft Windows xp Home (not an official CPE) Microsoft Windows xp 64-bit (not an official CPE) Microsoft Windows 4.0 sp6a workstation Microsoft Windows NT Terminal Server 4.0 SP6a Microsoft Windows 4.0 sp6a server Microsoft Windows nt 4.0 Sp6a Enterprise server (not an official CPE) Microsoft Windows nt 4.0 Sp6a Alpha (not an official CPE) Microsoft Windows 4.0 sp6a Microsoft Windows 4.0 sp6 workstation Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows 4.0 sp6 server Microsoft Windows nt 4.0 Sp6 Enterprise server (not an official CPE) Microsoft Windows nt 4.0 Sp6 Alpha (not an official CPE) Microsoft Windows 4.0 sp5 workstation Microsoft Windows NT Terminal Server 4.0 SP5 Microsoft Windows nt 4.0 Sp5 Alpha (not an official CPE) Microsoft Windows 4.0 sp5 server Microsoft Windows nt 4.0 Sp5 Enterprise server (not an official CPE) Microsoft Windows 4.0 sp5 Microsoft Windows 4.0 sp4 workstation Microsoft Windows NT Terminal Server 4.0 SP4 Microsoft Windows 4.0 sp4 server Microsoft Windows 4.0 sp4 Microsoft Windows nt 4.0 Sp4 Alpha (not an official CPE) Microsoft Windows nt 4.0 Sp4 Enterprise server (not an official CPE) Microsoft Windows 4.0 sp3 workstation Microsoft Windows nt 4.0 Sp3 Enterprise server (not an official CPE) Microsoft Windows NT Terminal Server 4.0 SP3 Microsoft Windows 4.0 sp3 server Microsoft Windows 4.0 sp2 workstation Microsoft Windows 4.0 sp3 Microsoft Windows nt 4.0 Sp3 Alpha (not an official CPE) Microsoft Windows 4.0 sp6 Microsoft Windows NT Terminal Server 4.0 SP2 Microsoft Windows NT 3.5.1 SP2 Microsoft Windows NT 3.5.1 SP3 Microsoft Windows ME Microsoft Windows NT 3.5.1 Microsoft Windows NT 3.5.1 SP1 Microsoft windows 98_se Microsoft Windows 2003 server Web (not an official CPE) Microsoft Windows 2003 server Web Sp1 (not an official CPE) Microsoft windows 98_gold Microsoft Windows 2003 server Standard 64-bit (not an official CPE) Microsoft Windows 2003 server Standard 64-bit (not an official CPE) Microsoft Windows 2003 server Standard Sp1 (not an official CPE) Microsoft Windows 2003 server R2 Sp1 (not an official CPE) Microsoft Windows 2003 server R2 Datacenter 64-bit (not an official CPE) Microsoft Windows 2003 server R2 64-bit (not an official CPE) Microsoft Windows 2003 server Enterprise 64-bit (not an official CPE) Microsoft Windows 2003 server Enterprise 64-bit Sp1 (not an official CPE) Microsoft Windows 2003 server Enterprise Sp1 (not an official CPE) Microsoft Windows 2003 server Enterprise 64-bit (not an official CPE) Microsoft Windows 2000 Service Pack 4 Microsoft Windows 2003 server Datacenter 64-bit Sp1 (not an official CPE) Microsoft windows 2000_sp2 Microsoft windows 2000_sp3 Microsoft windows 2000_sp1 Microsoft Windows 2000