Info

Disclosure

Jan 10, 2006

Discovery

Jul 31, 2005

Dates

Exploit

Unknown

Solution

Jan 10, 2006

Description

A remote overflow exists in Microsoft Windows. Many versions fail to perform correct boundary checks in web requests involving embedded fonts, resulting in a heap overflow. With a specially crafted web font, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	98
		98 Second Edition (SE)
		Millennium Edition (ME)
		2000 Service Pack 4
		XP Service Pack 1
		XP Service Pack 2
		XP Professional x64 Edition
		Server 2003
		Server 2003 Service Pack 1
		Server 2003 for Itanium-based systems
		Server 2003 with SP1 for Itanium-based Systems
		Server 2003 64-bit Edition

References

Security Tracker: 1015459
Secunia Advisory ID: 18311 18365 18391
SCIP VulDB ID: 1962
CVE ID: 2006-0010 (see also: NVD)
Microsoft Knowledge Base Article: 908519
Keyword: EEYEB-20050801
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0358.html
Other Advisory URL: http://research.eeye.com/html/advisories/upcoming/20050801.html
http://www.eeye.com/html/research/upcoming/20050801.html [ Link is 404 ]
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525&RenditionID=
News Article: http://www.eweek.com/article2/0,1895,1909647,00.asp
Vendor URL: http://www.microsoft.com/
Microsoft Security Bulletin: MS06-002

Credit

Fang Xing - advisorieseeye.com - eEye Digital Security

Direct URL: http://osvdb.org/18829