Microsoft Windows EOT File Remote code execution vulnerability Client
Severity: HIGH
CVE Identifier: CVE-2006-0010
Advisory Date: FEB 15, 2011
DESCRIPTION
�Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000161
Trend Micro Deep Security DPI Rule Name: 1000161 - Microsoft Windows EOT File Remote Code Execution Vulnerability
AFFECTED SOFTWARE AND VERSION
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 98
- Microsoft Windows 98 SE
- Microsoft Windows ME
- Microsoft Windows NT 3.5
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 3.5.1 SP1
- Microsoft Windows NT 3.5.1 SP2
- Microsoft Windows NT 3.5.1 SP3
- Microsoft Windows NT 3.5.1 SP4
- Microsoft Windows NT 3.5.1 SP5
- Microsoft Windows NT 3.5.1 SP5 alpha
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1 alpha
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2 alpha
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3 alpha
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4 alpha
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5 alpha
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6 alpha
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a alpha
- Microsoft Windows NT 4.0 alpha
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows Server 2003 Datacenter
- Microsoft Windows Server 2003 Datacenter 64-bit
- Microsoft Windows Server 2003 Datacenter 64-bit SP1
- Microsoft Windows Server 2003 Datacenter SP1
- Microsoft Windows Server 2003 Enterprise
- Microsoft Windows Server 2003 Enterprise 64-bit
- Microsoft Windows Server 2003 Enterprise 64-bit SP1
- Microsoft Windows Server 2003 Enterprise SP1
- Microsoft Windows Server 2003 Standard
- Microsoft Windows Server 2003 Standard 64-bit
- Microsoft Windows Server 2003 Standard SP1
- Microsoft Windows Server 2003 Web
- Microsoft Windows Server 2003 Web SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home SP2
- Microsoft Windows XP Media Center
- Microsoft Windows XP Media Center SP1
- Microsoft Windows XP Media Center SP2
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional 64-bit
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional SP2
- Microsoft Windows XP Tablet PC
- Microsoft Windows XP Tablet PC SP1
- Microsoft Windows XP Tablet PC SP2
Featured Stories
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more