New Search

Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability

oval:org.mitre.oval:def:8324

Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold SP1 and SP2; Windows Server 2008 Gold SP2 and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2010-0018
Product(s):