CVE-2010-1883
HIGHMicrosoft Windows - Remote Code Execution via Embedded OpenType Font Integer Overflow
Title source: llmDescription
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-076
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-285A.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6881
Scores
CVSS v3
7.8
EPSS
0.2334
EPSS Percentile
97.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-189
CWE-190
Status
published
Products (7)
microsoft/windows_2003_server
microsoft/windows_7
microsoft/windows_server_2003
microsoft/windows_server_2008
(6 CPE variants)
microsoft/windows_server_2008
r2 (2 CPE variants)
microsoft/windows_vista
(4 CPE variants)
microsoft/windows_xp
(2 CPE variants)
Published
Oct 13, 2010
Tracked Since
Feb 18, 2026