OpenType Font Engine Could Allow Remote Code Execution

Another Code Execution Problem courtesy of Microsoft


There were reports that vulnerabilities in the Windows Embedded OpenType (EOT) Font Engine could allow remote code execution. A remote user can cause arbitrary code to be executed on the target user’s system. Same thing from my older post regarding remote code execution, some specially crafted fonts can execute codes and attack security policy on your workstations.



fonts

Web page or document containing a specially crafted EOT Fonts, when loaded by other users, will trigger a buffer overflow and execute arbitrary code on the target system. Font Engines are software used by Operating Systems that converts the information in a TrueType font into a raster image suitable for display on screen or printer. Microsoft announces these problem as critical and that all windows user are advise to updates security patches from their website.

13 thoughts on “OpenType Font Engine Could Allow Remote Code Execution”

    • No problem bro, picturing the emergency room, the wards room, the patient’s rest room I really feel uncomfortable by just imagining it. Hope she get well soon. Thanks again.

      Reply
  1. No problem bro, picturing the emergency room, the wards room, the patient's rest room I really feel uncomfortable by just imagining it. Hope she get well soon. Thanks again.

    Reply
  2. Jhong,

    I would love to learn all of these tricks! Well, not really tricks but more on precautions. If there are people who can hack you (sounds funny), there are those who can defend you from them, right?

    Z

    Reply
  3. Jhong,

    I would love to learn all of these tricks! Well, not really tricks but more on precautions. If there are people who can hack you (sounds funny), there are those who can defend you from them, right?

    Z

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.