MS.Embedded.OpenType.Font.Engine.Code.Execution

Release Date Jul 14, 2009
Severity critical
Impact System Compromise: Remote attackers can gain control of vulnerable systems.
Description This indicates an attack attempt against a heap-overflow vulnerability in Microsoft Embedded OpenType Font Engine, which was caused by improper integer operation. Successful exploitation could result to remote code execution.
Affected Products Microsoft Windows 2000 SP 4 Windows XP SP2 & SP3 Windows XP Professional x64 Edition SP 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista, Windows Vista SP1 and SP 2 Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Recommended Actions Apply patch, available from the web site: http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx
Coverage IPS VCM
Common Vulnerabilities and Exposures (CVE) CVE-2009-0231
Reference/s http://technet.microsoft.com/en-us/security/bulletin/ms09-029.mspx (MS-ID)

Fortinet