← back
CVE-2009-3020

CVE-2009-3020

EPSS 16.7%
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/9417unverifiedexploitdbwww.exploit-db.com/exploits/9417unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://milw0rm.com/sploits/2009-wwbsod.ziphttp://secunia.com/advisories/36250https://exchange.xforce.ibmcloud.com/vulnerabilities/52403http://www.exploit-db.com/exploits/9417http://www.osvdb.org/57016http://www.securityfocus.com/bid/36029