Description
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
References (22)
Core 22
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16194
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2006/Jan/363
Various Sources x_refsource_misc
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/915930
Various Sources third-party-advisory
x_refsource_eeye
http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/18829
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0118
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18391
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23922
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015459
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18311
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18365
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/421885/100/0/threaded
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-010A.html
Scores
EPSS
0.3219
EPSS Percentile
98.1%
Details
CWE
CWE-119
Status
published
Products (13)
microsoft/windows_2000
(5 CPE variants)
microsoft/windows_2003_server
datacenter_64-bit sp1
microsoft/windows_2003_server
enterprise (2 CPE variants)
microsoft/windows_2003_server
enterprise_64-bit (2 CPE variants)
microsoft/windows_2003_server
r2 (3 CPE variants)
microsoft/windows_2003_server
standard (2 CPE variants)
microsoft/windows_2003_server
standard_64-bit
microsoft/windows_2003_server
web (2 CPE variants)
microsoft/windows_98
microsoft/windows_98se
... and 3 more
Published
Jan 10, 2006
Tracked Since
Feb 18, 2026