(MS10-001) Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

  CVE Identifier: CVE-2010-0018
  Advisory Date: FEB 04, 2011

  DESCRIPTION

This security update resolves a vulnerability in certain versions of Microsoft Windows. This vulnerabilty could allow for arbitrary code to be executed on a system if a user views content rendered in a specially crafted Embedded OpenType (EOT) font.

Applications that support EOT include Microsoft Internet Explorer, Microsoft Office PowerPoint, and Microsoft Office Word.

  TREND MICRO PROTECTION INFORMATION

For patch information and suggested workarounds, users are advised to refer to this Microsoft webpage: http://www.microsoft.com/technet/security/Bulletin/MS10-001.mspx

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Windows 2000 Service Pack 4
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for Itanium-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3

Featured Stories