what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Technical Cyber Security Alert 2010-12B

Technical Cyber Security Alert 2010-12B
Posted Jan 12, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-12B - Microsoft has released updates to address a vulnerability in the Windows Embedded Open Type (EOT) font engine. Microsoft has also published an Advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6 that is included with Windows XP.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2010-0018
SHA-256 | f028502ac6dd493464ea3f70a4b114253bffdf66a21c5f0ef3a08a8857e35f91

Technical Cyber Security Alert 2010-12B

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA10-012B


Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities

Original release date:
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows and Internet Explorer
* Adobe (Macromedia) Flash Player 6


Overview

Microsoft has released updates to address a vulnerability in the
Windows Embedded Open Type (EOT) font engine. Microsoft has also
published an Advisory about multiple vulnerabilities in Adobe
(Macromedia) Flash Player 6 that is included with Windows XP.


I. Description

Microsoft Security Bulletin MS10-001 describes a vulnerability in
the Embedded Open Type (EOT) font engine in Windows. Microsoft
Security Advisory (979267) recommends that Windows XP users remove
or upgrade Adobe Flash Player 6 (formerly Macromedia Flash Player)
that is included with Windows XP. Vulnerability Note VU#204889
discusses one vulnerability in Flash Player 6 and provides several
workarounds.

These vulnerabilities could be exploited by loading specially
crafted fonts or Flash content via Internet Explorer.

Microsoft assigns the EOT font vulnerability a "low" severity
rating in most current versions of Windows and notes that reliable
code execution is unlikely. The severity rating for Windows 2000,
however, is "critical."


II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
gain elevated privileges, or cause a vulnerable application to
crash.


III. Solution

Apply updates from Microsoft

Microsoft Security Bulletin MS10-001 provides updates for the EOT
font vulnerability. The security bulletin describes any known
issues related to the updates. Administrators are encouraged to
note these issues and test for any potentially adverse effects.
Administrators should consider using an automated update
distribution system such as Windows Server Update Services (WSUS).

Upgrade, Remove, or Disable Adobe Flash Player 6

Adobe Flash Player 6 is included with Windows XP. Adobe has
addresssed these vulnerabilities in newer versions of Flash Player.
Upgrade to a more recent version of Flash Player (such as Flash
Player 10). Alternatively, uninstall Flash Player or set the kill
bit for the Flash Player ActiveX control as described in Microsoft
Security Advisory (979267) and Vulnerability Note VU#204889.


IV. References

* Microsoft Security Bulletin Summary for January 2010 -
<http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx>

* Microsoft Security Bulletin MS10-001 -
<http://www.microsoft.com/technet/security/bulletin/ms10-001.mspx>

* MS10-001: Font file decompression vulnerability -
<http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx>

* CVE-2010-0018 -
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0018>

* Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP
Could Allow Remote Code Execution -
<http://www.microsoft.com/technet/security/advisory/979267.mspx>

* Vulnerability Note VU#204889 -
<http://www.kb.cert.org/vuls/id/204889>

* Adobe Flash Player - <http://get.adobe.com/flashplayer/>

* How to uninstall the Adobe Flash Player plug-in and ActiveX control
-
<http://kb2.adobe.com/cps/141/tn_14157.html>

* Windows Server Update Services (WSUS) -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA10-012B.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA10-012B Feedback VU#552113" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2010 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

January 12, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS00EXNucaIvSvh1ZAQI6GwgAmQUsj5i0MCcOgCQvCDU49taISpIMNYfq
oLzRGO7H5+/hsHBcHEHnans7msAFTrRsEa3nk3ioWRE3PY+JetvPS69M1+oNCbDN
qjJ8ZxjfHWHChfSvi0MH4FHDp0QgpCGMwQ5K2fusiZYZxaooDEIPyL9T6AYlmmrH
OtpAOfMYhsB8XkSbVHqKmJ95Zj3C26OWA3MHtMoBKTuda5BVVCcA/IWP3AC94WpO
UiW2Xk9CVmoAa62+Cv2vSaOmN5nMgO1TncBJDgIFfVuQNR+xALBzGxPnkibgQ2xB
M2cSV51649wsmmiQn4OFsQWYL3piWIgwXH9iCLU8XXirkApoQDefxg==
=dQlq
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close