Intrusion Prevention



This indicates a possible attack against an integer-handling vulnerability in Microsoft Windows.
The vulnerability is due to an error in the Microsoft Windows kernel when parsing a malformed Embedded OpenType (EOT) font. A remote attacker may exploit this to execute arbitrary code or cause denial of service.

Affected Products

Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003


System compromise: Remote attackers can gain control of vulnerable systems.
Denial of service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's website:

CVE References