CVE-2009-0231

high-risk
Published 2009-07-15

The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."

Do I need to act?

!
65.0% chance of exploitation in next 30 days
EPSS score — higher than 35% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (11)

Affected Vendors

Microsoft

References (14)

Broken Link http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811
Broken Link http://osvdb.org/55842
Broken Link http://www.securitytracker.com/id?1022543
Third Party Advisory http://www.us-cert.gov/cas/techalerts/TA09-195A.html
Broken Link http://www.vupen.com/english/advisories/2009/1887
Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-02...
Broken Link https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
Broken Link http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811
Broken Link http://osvdb.org/55842
Broken Link http://www.securitytracker.com/id?1022543
Third Party Advisory http://www.us-cert.gov/cas/techalerts/TA09-195A.html
Broken Link http://www.vupen.com/english/advisories/2009/1887
Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-02...
Broken Link https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
65
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 19/34 · Moderate
Exposure 16/34 · Moderate