MS06-002: Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
High Nessus Plugin ID 20389
SynopsisArbitrary code can be executed on the remote host by sending a malformed file to a victim.
DescriptionThe remote version of Microsoft Windows contains a flaw in the Embedded Web Font engine. An attacker could execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page or by sending a malicious font file.
SolutionMicrosoft has released a set of patches for Windows 2000, XP and 2003.