CVE-2006-0010 : Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

Published 2006-01-10 22:03:00

Updated 2019-04-30 14:27:14

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2006-0010

Microsoft » Windows Nt » Version: 4.0 Update SP1
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 3.5.1
cpe:2.3:o:microsoft:windows_nt:3.5.1:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 3.5.1 Update SP1
cpe:2.3:o:microsoft:windows_nt:3.5.1:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 3.5.1 Update SP2
cpe:2.3:o:microsoft:windows_nt:3.5.1:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 3.5.1 Update SP3
cpe:2.3:o:microsoft:windows_nt:3.5.1:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 3.5.1 Update SP4
cpe:2.3:o:microsoft:windows_nt:3.5.1:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 3.5.1 Update SP5
cpe:2.3:o:microsoft:windows_nt:3.5.1:sp5:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP2 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP1 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP3 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Enterprise Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP4 Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP5 Workstation Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update SP6 Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Update Sp6a Terminal Server Edition
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 4.0 Terminal Server Alpha Edition
cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*
Matching versions
Microsoft » Windows Nt » Version: 3.5.1 Update SP5 Alpha Edition
cpe:2.3:o:microsoft:windows_nt:3.5.1:sp5:alpha:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP1
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98 » Update Gold
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98se
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Media Center Edition
cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » 64-bit Edition
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Tablet Pc Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Media Center Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Home Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 Home Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Home Edition
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update Gold Professional Edition
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 Media Center Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
Matching versions
Microsoft » Windows Me
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: WEB
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise 64-bit
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 Datacenter 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Standard 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Standard 64-bit
cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise Update SP1
cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Standard Update SP1
cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Datacenter 64-bit Update SP1
cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 Update SP1
cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise 64-bit Update SP1
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: WEB Update SP1
cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-0010

EPSS FAQ

83.86%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-0010

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2006-0010

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-0010

Jump to

Vulnerability Details : CVE-2006-0010

Products affected by CVE-2006-0010

Exploit prediction scoring system (EPSS) score for CVE-2006-0010

CVSS scores for CVE-2006-0010

CWE ids for CVE-2006-0010

References for CVE-2006-0010