• 공개일 : 2010-01-14
• 변경일 : 2010-08-21

• 위험도: 9.3
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 보통
• 인증 : 없음
• 기밀성 영향 : 전체
• 무결성 영향 : 전체
• 가용성 영향 : 전체
• 출처 : http://nvd.nist.gov
• 공개일 : 2010-01-14

Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability."

• CERT, TA10-012B
• MS, MS10-001
• VUPEN, ADV-2010-0095
• SECTRACK, 1023432
• BID, 37671
• SECUNIA, 35457
• OSVDB, 61651
• MISC, http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decom..

• microsoft windows_xp
• microsoft windows_2003_server
• microsoft windows_vista x64
• microsoft windows_server_2008 x64
• microsoft windows_server_2008 x64
• microsoft windows_vista x64
• microsoft windows_vista x64
• microsoft windows_server_2008 x32
• microsoft windows_vista
• microsoft windows_xp - x64
• microsoft windows_vista
• microsoft windows_xp
• microsoft windows_2003_server itanium
• microsoft windows_server_2008 itanium
• microsoft windows_server_2008 x64
• microsoft windows_server_2008 - itanium
• microsoft windows_2000
• microsoft windows_7 - x32
• microsoft windows_server_2008 itanium
• microsoft windows_7 - x64
• microsoft windows_vista
• microsoft windows_2003_server x64
• microsoft windows_server_2008 x32