Wednesday, January 11, 2006

A friend of mine has been researching the Windows Embedded Open Type (EOT) font vulnerability that he discovered in Windows about a week ago. Just as he finished the analysis, eEye released its advisory for the vulnerability, getting ahead of him. Anyway, to this moment his analysis is the best publicly available analysis of this vulnerability.

Overall, the vulnerability should be considered CRITICAL, mostly due to the simple fact that EOT is supported by Internet Explorer, Microsoft Word, Excel and several other applications that allow EOT fonts to be included in a document or file. This means that any .doc file or web site could potentially result in a malicious application being executed on your computer. It is therefore extremely important to update all Windows computers, at the office or at home, quickly.

You can download the patch from here. Install it ASAP!

