(MS10-001) Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
Publish Date: 04 Februar 2011
CVE Kennungen:: CVE-2010-0018
Hinweisdatum: 04 Februar 2011
Beschreibung
This security update resolves a vulnerability in certain versions of Microsoft Windows. This vulnerabilty could allow for arbitrary code to be executed on a system if a user views content rendered in a specially crafted Embedded OpenType (EOT) font.
Applications that support EOT include Microsoft Internet Explorer, Microsoft Office PowerPoint, and Microsoft Office Word.
Trend Micro Lösungen
For patch information and suggested workarounds, users are advised to refer to
this Microsoft webpage: http://www.microsoft.com/technet/security/Bulletin/MS10-001.mspx
Betroffene Software und Version:
- Microsoft Windows 2000 Service Pack 4
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3