ByteOS Network

NVD Vulnerability Details :

CVE-2009-0231

Modified

Source-secure@microsoft.com

Published At-15 Jul, 2009 | 15:30

Updated At-23 Apr, 2026 | 00:35

The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>windows_2000>>-

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2003>>-

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>-

cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>-

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>-

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_xp>>*

cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:x64:*

Microsoft Corporation

>>windows_xp>>-

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_xp>>-

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-681	Primary	nvd@nist.gov

CWE ID: CWE-681

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811	secure@microsoft.com	Broken Link
http://osvdb.org/55842	secure@microsoft.com	Broken Link
http://www.securitytracker.com/id?1022543	secure@microsoft.com	Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-195A.html	secure@microsoft.com	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1887	secure@microsoft.com	Broken Link Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-029	secure@microsoft.com	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5457	secure@microsoft.com	Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://osvdb.org/55842	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://www.securitytracker.com/id?1022543	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-195A.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1887	af854a3a-2127-422b-91ae-364da2661108	Broken Link Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-029	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5457	af854a3a-2127-422b-91ae-364da2661108	Broken Link