MS.Embedded.OpenType.Font.Engine.Heap.Overrun

Release Date

Jul 14, 2009

Severity

critical

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attack attempt against a heap-overrun vulnerability in the Microsoft Embedded OpenType Font Engine, caused by an improper integer operation. Successful exploitation could allow remote attackers to execute arbitrary code.


Affected Products

Microsoft Windows 2000 SP 4
Windows XP SP2 & SP3
Windows XP Professional x64 Edition SP 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista SP1 and SP 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Recommended Actions

Apply the patch, available from the following website:
http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-0232

Reference/s

http://technet.microsoft.com/en-us/security/bulletin/ms09-029.mspx (MS-ID)

Reference: VID-17581