Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-0231
HistoryJul 15, 2009 - 3:30 p.m.

CVE-2009-0231

2009-07-1515:30:01
CWE-681
[email protected]
web.nvd.nist.gov
25
microsoft windows
eot font
t2embed.dll
remote code execution
integer truncation
buffer overflow

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.361 Low

EPSS

Percentile

97.2%

JSON

The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka “Embedded OpenType Font Heap Overflow Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_2000Match-sp4
OR
microsoftwindows_server_2003Match-sp2
OR
microsoftwindows_server_2008Match-
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_vistaMatch-
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpsp2professionalx64
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp3

Related

cvelist 2
checkpoint_advisories 2
nvd 2
securityvulns 3
prion 2
nessus 1
openvas 2
cve 1
cvelist
cvelist
CVE-2009-0231
2009-07-15 15:00:00
CVE-2009-3020
2009-08-31 16:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Embedded OpenType Font Heap Buffer Overflow (MS09-029; CVE-2009-0231)
2010-02-03 00:00:00
Workaround for Microsoft Windows Embedded OpenType (EOT) Font Engine Remote Code Execution Vulnerabilities (MS09-029)
2009-07-14 00:00:00
nvd
nvd
CVE-2009-0231
2009-07-15 15:30:01
CVE-2009-3020
2009-08-31 16:30:09
securityvulns
securityvulns
iDefense Security Advisory 07.15.09: Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability
2009-07-16 00:00:00
Microsoft Security Bulletin MS09-029 - Critical Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
2009-07-14 00:00:00
Microsoft Windows Embedded OpenType (EOT) Fonts multiple security vulnerabilities
2010-01-15 00:00:00
prion
prion
Heap overflow
2009-07-15 15:30:00
Design/Logic Flaw
2009-08-31 16:30:00
nessus
nessus
MS09-029: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
2009-07-14 00:00:00
openvas
openvas
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
2009-07-15 00:00:00
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
2009-07-15 00:00:00
cve
cve
CVE-2009-3020
2009-08-31 16:30:09

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.361 Low

EPSS

Percentile

97.2%

JSON
Related for CVE-2009-0231
cvelist2checkpoint_advisories2nvd2securityvulns3prion2nessus1openvas2cve1