National Cyber Alert System
Technical Cyber Security Alert TA10-012B

Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities

Original release date: January 12, 2010
Last revised: --
Source: US-CERT

Systems Affected

  • Microsoft Windows and Internet Explorer
  • Adobe (Macromedia) Flash Player 6

Overview

Microsoft has released updates to address a vulnerability in the Windows Embedded Open Type (EOT) font engine. Microsoft has also published a security advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6, which is included with Windows XP.


I. Description

Microsoft Security Bulletin MS10-001 describes a vulnerability in the Embedded Open Type (EOT) font engine in Windows. Microsoft Security Advisory (979267) recommends that Windows XP users remove or upgrade the Adobe Flash Player 6 (formerly Macromedia Flash Player) that is included with Windows XP. Vulnerability Note VU#204889 discusses one of the Flash Player 6 vulnerabilities and provides several workarounds.

An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted EOT font or specially crafted Flash content in Internet Explorer.

Microsoft assigns the EOT font vulnerability a "low" severity rating on most current versions of Windows and notes that reliable code execution is unlikely on those versions. For Windows 2000, however, the severity rating is "critical."


II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.


III. Solution

Apply updates from Microsoft

Microsoft Security Bulletin MS10-001 provides updates for the EOT font vulnerability. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Upgrade, Remove, or Disable Adobe Flash Player 6

Adobe Flash Player 6 is included with Windows XP. Adobe has addressed these vulnerabilities in newer versions of Flash Player. Upgrade to a current version of Flash Player (such as Flash Player 10). Alternatively, uninstall Flash Player or set the kill bit for the Flash Player ActiveX control, as described in Microsoft Security Advisory (979267) and Vulnerability Note VU#204889. Setting the kill bit only prevents Internet Explorer from loading the control; it does not remove the vulnerable file from the system, so upgrading or uninstalling is preferable where possible.
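The following script is an added example, not part of the US-CERT alert or of Microsoft's advisory text. It audits which Flash control is registered, sets the kill bit for it, and verifies the result. It assumes that the CLSID below is the well-known Shockwave Flash control identifier and matches the CLSID listed in Microsoft Security Advisory (979267); confirm that against the advisory before deploying. The Wow6432Node path is an assumption for x64 hosts, where 32-bit Internet Explorer reads its ActiveX Compatibility settings from that hive. Run from an elevated PowerShell prompt.

```powershell
# Added example (not from the US-CERT alert or the Microsoft advisory): audit and
# kill-bit the Flash Player ActiveX control. The CLSID is assumed to be the Shockwave
# Flash control; verify it against Microsoft Security Advisory 979267 before use.

$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'   # assumption: Shockwave Flash control CLSID
$KillBit    = 0x400                                       # Compatibility Flags value that blocks a control in IE

# Registry locations Internet Explorer consults for kill bits. The Wow6432Node
# key (assumed here) is the one 32-bit IE reads on x64 Windows.
$CompatKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-ActiveXServerInfo {
    # Resolve the COM server (.ocx) the CLSID points at and report its file version,
    # so you can see whether Flash Player 6 is still registered before acting.
    param([string]$Clsid)
    foreach ($root in 'HKEY_CLASSES_ROOT\CLSID', 'HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $key = "Registry::$root\$Clsid\InprocServer32"
        if (Test-Path $key) {
            $path = (Get-ItemProperty -Path $key).'(default)'
            $version = if ($path -and (Test-Path $path)) {
                (Get-Item $path).VersionInfo.FileVersion
            } else { 'file missing' }
            [pscustomobject]@{ Clsid = $Clsid; Server = $path; Version = $version }
        }
    }
}

function Test-ActiveXKillBit {
    # Returns $true only if the kill bit is set under every compat key present on this host.
    param([string]$Clsid)
    $allSet = $true
    foreach ($base in $CompatKeys) {
        if (-not (Test-Path $base)) { continue }
        $key   = Join-Path $base $Clsid
        $flags = 0
        if (Test-Path $key) {
            # [int]$null evaluates to 0, so a key with no value reads as "no flags".
            $flags = [int](Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        }
        $set = ($flags -band $KillBit) -ne 0
        Write-Host ("{0}: Compatibility Flags=0x{1:X} kill bit {2}" -f $key, $flags, $(if ($set) { 'SET' } else { 'NOT set' }))
        $allSet = $allSet -and $set
    }
    $allSet
}

function Set-ActiveXKillBit {
    # OR the kill bit into any existing flags instead of overwriting them, so other
    # compatibility flags already recorded for the control are preserved.
    param([string]$Clsid)
    foreach ($base in $CompatKeys) {
        if (-not (Test-Path $base)) { continue }
        $key = Join-Path $base $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $existing = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$existing) -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -PropertyType DWord -Force | Out-Null
    }
}

Get-ActiveXServerInfo -Clsid $FlashClsid | Format-List
Set-ActiveXKillBit -Clsid $FlashClsid
if (-not (Test-ActiveXKillBit -Clsid $FlashClsid)) {
    throw "Kill bit for $FlashClsid is not set under every ActiveX Compatibility key"
}
```

The audit step matters because the kill bit is keyed by CLSID, not by version: if a newer Flash Player has already replaced the bundled control under the same CLSID, setting the bit will block the patched control too. To roll back, clear bit 0x400 from the Compatibility Flags value (or delete the CLSID subkey if nothing else is stored there) and restart Internet Explorer.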


IV. References



Feedback can be directed to US-CERT.


Produced 2010 by US-CERT, a government organization.


Revision History

January 12, 2010: Initial release

Last updated January 12, 2010