Related information

Microsoft Windows Embedded OpenType (EOT) Fonts multiple security vulnerabilities

Microsoft Security Bulletin MS10-001 - Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

iDefense Security Advisory 07.15.09: Microsoft Embedded OpenType Font Engine (T2EMBED. DLL) Heap Buffer Overflow Vulnerability

Microsoft Security Bulletin MS09-029 - Critical Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)

From:	CERT <cert_(at)_cert.gov>
Date:	15.01.2010
Subject:	US-CERT Technical Cyber Security Alert TA10-012B -- Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   National Cyber Alert System

             Technical Cyber Security Alert TA10-012B


Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities

  Original release date:
  Last revised: --
  Source: US-CERT


Systems Affected

    * Microsoft Windows and Internet Explorer
    * Adobe (Macromedia) Flash Player 6


Overview

  Microsoft has released updates to address a vulnerability in the
  Windows Embedded Open Type (EOT) font engine. Microsoft has also
  published an Advisory about multiple vulnerabilities in Adobe
  (Macromedia) Flash Player 6 that is included with Windows XP.


I. Description

  Microsoft Security Bulletin MS10-001 describes a vulnerability in
  the Embedded Open Type (EOT) font engine in Windows. Microsoft
  Security Advisory (979267) recommends that Windows XP users remove
  or upgrade Adobe Flash Player 6 (formerly Macromedia Flash Player)
  that is included with Windows XP. Vulnerability Note VU#204889
  discusses one vulnerability in Flash Player 6 and provides several
  workarounds.

  These vulnerabilities could be exploited by loading specially
  crafted fonts or Flash content via Internet Explorer.

  Microsoft assigns the EOT font vulnerability a "low" severity
  rating in most current versions of Windows and notes that reliable
  code execution is unlikely. The severity rating for Windows 2000,
  however, is "critical."


II. Impact

  A remote, unauthenticated attacker could execute arbitrary code,
  gain elevated privileges, or cause a vulnerable application to
  crash.


III. Solution

  Apply updates from Microsoft

  Microsoft Security Bulletin MS10-001 provides updates for the EOT
  font vulnerability. The security bulletin describes any known
  issues related to the updates. Administrators are encouraged to
  note these issues and test for any potentially adverse effects.
  Administrators should consider using an automated update
  distribution system such as Windows Server Update Services (WSUS).

  Upgrade, Remove, or Disable Adobe Flash Player 6

  Adobe Flash Player 6 is included with Windows XP. Adobe has
  addresssed these vulnerabilities in newer versions of Flash Player.
  Upgrade to a more recent version of Flash Player (such as Flash
  Player 10). Alternatively, uninstall Flash Player or set the kill
  bit for the Flash Player ActiveX control as described in Microsoft
  Security Advisory (979267) and Vulnerability Note VU#204889.


IV. References

* Microsoft Security Bulletin Summary for January 2010 -
  <http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx>

* Microsoft Security Bulletin MS10-001 -
  <http://www.microsoft.com/technet/security/bulletin/ms10-001.mspx>

* MS10-001: Font file decompression vulnerability -
 
<http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompress
ion-vulnerability.aspx>

* CVE-2010-0018 -
  <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0018>

* Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP
  Could Allow Remote Code Execution -
  <http://www.microsoft.com/technet/security/advisory/979267.mspx>

* Vulnerability Note VU#204889 -
  <http://www.kb.cert.org/vuls/id/204889>

* Adobe Flash Player - <http://get.adobe.com/flashplayer/>

* How to uninstall the Adobe Flash Player plug-in and ActiveX control
  -
  <http://kb2.adobe.com/cps/141/tn_14157.html>

* Windows Server Update Services (WSUS) -
  <http://technet.microsoft.com/en-us/wsus/default.aspx>

____________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA10-012B.html>
____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA10-012B Feedback VU#552113" in
  the subject.
____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

  Produced 2010 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

 January 12, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS00EXNucaIvSvh1ZAQI6GwgAmQUsj5i0MCcOgCQvCDU49taISpIMNYfq
oLzRGO7H5+/hsHBcHEHnans7msAFTrRsEa3nk3ioWRE3PY+JetvPS69M1+oNCbDN
qjJ8ZxjfHWHChfSvi0MH4FHDp0QgpCGMwQ5K2fusiZYZxaooDEIPyL9T6AYlmmrH
OtpAOfMYhsB8XkSbVHqKmJ95Zj3C26OWA3MHtMoBKTuda5BVVCcA/IWP3AC94WpO
UiW2Xk9CVmoAa62+Cv2vSaOmN5nMgO1TncBJDgIFfVuQNR+xALBzGxPnkibgQ2xB
M2cSV51649wsmmiQn4OFsQWYL3piWIgwXH9iCLU8XXirkApoQDefxg==
=dQlq
-----END PGP SIGNATURE-----