This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
It is possible to execute arbitrary code on the remote Windows host
using the Embedded OpenType Font Engine.
The remote Windows host contains a version of the Embedded OpenType
(EOT) Font Engine that is affected by an integer overflow
vulnerability in the 'LZCOMP' decompressor when decompressing a
specially crafted font.
If an attacker can trick a user on the affected system into viewing
content rendered in a specially crafted EOT font, this issue could be
leveraged to execute arbitrary code subject to the user's privileges.
See also :
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista, 2008, and Windows 7.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true