CVE-2009-3020

Windows Server 2003 SP2 - Denial of Service via Crafted EOT Font File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3020. PoCs published by webDEViL.

AI-analyzed exploit summary This exploit triggers a Blue Screen of Death (BSOD) on Microsoft Windows 2003 by leveraging a vulnerability in the handling of EOT (Embedded OpenType) files. The exploit is a proof-of-concept that demonstrates a denial-of-service condition.

Description

win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by webDEViL · textdoswindows

https://www.exploit-db.com/exploits/9417

View Code ZIP pw:eip

This exploit triggers a Blue Screen of Death (BSOD) on Microsoft Windows 2003 by leveraging a vulnerability in the handling of EOT (Embedded OpenType) files. The exploit is a proof-of-concept that demonstrates a denial-of-service condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows 2003

No auth needed

Prerequisites: Access to deliver the malicious EOT file to the target system

MITRE ATT&CK