CVE-2006-0010

Microsoft Windows <SP2 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

References (22)

Core 22
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16194
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2006/Jan/363
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/915930
Various Sources third-party-advisory x_refsource_eeye
http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18829
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0118
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18391
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23922
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015459
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18311
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18365
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/421885/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-010A.html

Scores

EPSS 0.3219
EPSS Percentile 98.1%

Details

CWE
CWE-119
Status published
Products (13)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server datacenter_64-bit sp1
microsoft/windows_2003_server enterprise (2 CPE variants)
microsoft/windows_2003_server enterprise_64-bit (2 CPE variants)
microsoft/windows_2003_server r2 (3 CPE variants)
microsoft/windows_2003_server standard (2 CPE variants)
microsoft/windows_2003_server standard_64-bit
microsoft/windows_2003_server web (2 CPE variants)
microsoft/windows_98
microsoft/windows_98se
... and 3 more
Published Jan 10, 2006
Tracked Since Feb 18, 2026