CVE-2006-0010

CWE-119Buffer Overflow6 documents4 sources
Severity
9.3CRITICAL
EPSS
49.8%
top 2.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows 2003 ServerMicrosoft Windows NT
Timeline
PublishedJan 10
Latest updateMay 1

Description

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/windows_nt3.5.1, 4.0+1

Patches

Patch: secunia.comPatch: www.securityfocus.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-4373-qwqg-vgwm: Heap-based buffer overflow in T2EMBED2022-05-01
CVEList
CVE-2006-0010: Heap-based buffer overflow in T2EMBED2006-01-10

💬Community

2
Bugzilla
CVE-2007-0010 GdbPixbufLoader fails to handle invalid input from Evolution correctly2006-12-10
Bugzilla
CVE-2007-0010 GdbPixbufLoader fails to handle invalid input from Evolution correctly2006-12-08
CVE-2006-0010 (CRITICAL CVSS 9.3) | Heap-based buffer overflow in T2EMB | cvebase.io