01.10.2006 - MS06-002: Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

A remote code execution vulnerability exists in Windows because of the way that it handles malformed embedded Web fonts. An attacker could exploit the vulnerability by constructing a malicious embedded Web font that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. - Download Microsoft Windows 2000 SP4 - Download Microsoft Windows XP SP1/SP2 - Download Microsoft Windows XP Professional x64 Edition - Download Microsoft Windows Server 2003 RTM/SP1 - Download Microsoft Windows Server 2003 (Itanium) RTM/SP1 - Download Microsoft Windows Server 2003 x64 Edition - View Microsoft Security Bulletin MS06-002 - View Microsoft Knowledge Base Article - 908519 - Visit Microsoft Corporation