[Microsoft Alert] Microsoft Security Bulletin MS06-004
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Issued: February 14, 2006
Version: 1.0
Summary:
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: This update replaces the update that is included with Microsoft Security Bulletin MS05-054. That update is also a cumulative update.
Vulnerability Details:
A remote code execution vulnerability exists in Internet Explorer because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site, opened or previewed an e-mail message, or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Note that this vulnerability in Internet Explorer is separate from the vulnerabilities addressed in Windows in MS05-053 and MS06-001.
Affected Software:
Microsoft Windows 2000 Service Pack 4
References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)