(MS10-001) Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
Identificadores de CVE : CVE-2010-0018
Fecha recomendada: 04 de febrero de 2011
Descripción
This security update resolves a vulnerability in certain versions of Microsoft Windows. This vulnerabilty could allow for arbitrary code to be executed on a system if a user views content rendered in a specially crafted Embedded OpenType (EOT) font.
Applications that support EOT include Microsoft Internet Explorer, Microsoft Office PowerPoint, and Microsoft Office Word.
Revelación de la información
For patch information and suggested workarounds, users are advised to refer to
this Microsoft webpage: http://www.microsoft.com/technet/security/Bulletin/MS10-001.mspx
Software y versión afectados
- Microsoft Windows 2000 Service Pack 4
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Vista
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3