MS.Kernel.Font.Parsing.TTF.Integer.Overflow
Description
This indicates a possible attack against an integer-handling vulnerability in Microsoft Windows.
The vulnerability is due to an error in the Microsoft Windows kernel when parsing a malformed Embedded OpenType (EOT) font. A remote attacker may exploit this to execute arbitrary code or cause denial of service.
Affected Products
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact
System compromise: Remote attackers can gain control of vulnerable systems.
Denial of service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the patch, available from the vendor's website:
http://www.microsoft.com/technet/security/Bulletin/ms09-065.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |