HighMicrosoft Windows Knowledge Base Article 972270 update is not installed on the system, which could allow an attacker to exploit the following vulnerability:
Microsoft Windows is vulnerable to a heap-based buffer overflow, caused by an integer overflow when the Embedded OpenType Font Engine decompresses malicious files. By persuading a victim to open a specially-crafted file containing EOT font embedded in the document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS10-001. See References.
IBM Internet Security Systems X-Force Database
Microsoft Windows EOT font buffer overflow
http://xforce.iss.net/xforce/xfdb/55149
Microsoft Security Bulletin MS10-001
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
http://www.microsoft.com/technet/security/bulletin/ms10-001.mspx
ISS X-Force
Microsoft Windows Knowledge Base Article 972270 update is not installed
http://www.iss.net/security_center/static/55150.php
CVE CVE-2010-0018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0018
