Intrusion Prevention

MS.Kernel.Font.Parsing.TTF.Integer.Overflow

Description

This indicates a possible attack against an integer-handling vulnerability in Microsoft Windows.
The vulnerability is due to an error in the Microsoft Windows kernel when parsing a malformed Embedded OpenType (EOT) font. A remote attacker may exploit this to execute arbitrary code or cause a denial of service.

Affected Products

Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Impact

System compromise: Remote attackers can gain control of vulnerable systems.
Denial of service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's website:
http://www.microsoft.com/technet/security/Bulletin/ms09-065.mspx

CVE References

CVE-2009-2514