Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability Network Vulnerability

Summary

This host is running Windows Server 2003 operating system and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attakers to cause denial of service via a specially-crafted file containing EOT font embedded in the document thus crashing the operating system. Impact Level: System

Solution

Vendor has released patch to fix the issue, refer below link for patch details. http://www.microsoft.com/en-us/download/details.aspx?id=1185

Insight

The vulnerability is due to an error in 'win32k.sys' when processing Embedded OpenType font.

Affected

Microsoft Windows 2003 Service Pack 2 and prior.

References

http://secunia.com/advisories/36250
http://www.microsoft.com/en-us/download/details.aspx?id=1185
http://xforce.iss.net/xforce/xfdb/52403

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3020
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Adobe Flash Player Remote Code Execution Vulnerability (WinXP)
Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
JS.Scob.Trojan or Download.Ject Trojan
Microsoft Windows Indeo Codec Multiple Vulnerabilities

Take action and discover your vulnerabilities