Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability Network Vulnerability

Summary

This host is running Windows Server 2003 operating system and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attakers to cause denial of service via a specially-crafted file containing EOT font embedded in the document thus crashing the operating system. Impact Level: System

Solution

Vendor has released patch to fix the issue, refer below link for patch details. http://www.microsoft.com/en-us/download/details.aspx?id=1185

Insight

The vulnerability is due to an error in 'win32k.sys' when processing Embedded OpenType font.

Affected

Microsoft Windows 2003 Service Pack 2 and prior.

References

http://secunia.com/advisories/36250
http://www.microsoft.com/en-us/download/details.aspx?id=1185
http://xforce.iss.net/xforce/xfdb/52403

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3020

CVSS	Base Score: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
Microsoft Windows Indeo Codec Multiple Vulnerabilities
Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
Microsoft's SQL Blank Password
Microsoft Windows XP SP3 denial of service vulnerability

Take action and discover your vulnerabilities