Microsoft Windows Uniscribe Font Parsing Engine Memory Corruption Vulnerability ( 15 September 2010 )
Last Update Date:
28 Jan 2011
Release Date:
15 Sep 2010
4999
Views
RISK: Medium Risk
A remote code execution vulnerability exists in affected versions of Microsoft Windows and Microsoft Office. The vulnerability exists because Windows and Office incorrectly parse specific font types in such a way that could allow remote code execution. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.
Impact
- Remote Code Execution
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Microsoft Office XP
- Microsoft Office 2003
- Microsoft Office 2007
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2007 Service Pack 2
Vulnerability Identifier
Source
Related Link
Share with