MS Patch Tuesday: Another critical font engine vulnerability

13 January 2010 03:13 am

The first Microsoft patch for 2010 is out, providing cover for a solitary vulnerability in the way Windows handles EOT (Embedded OpenType) fonts.

The update is rated “critical” but Microsoft says there is a low likelihood of exploitation on its newer operating systems.

The vulnerability, which was discovered by Google security engineer Tavis Ormandy, is a remote code execution issue in the way that the Microsoft Windows Embedded OpenType (EOT) Font Engine decompresses specially crafted EOT fonts.

From the MS10-001 advisory:

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Because Microsoft considers this a very difficult vulnerability to exploit on most operating systems, it is rated “critical” only for Windows 2000.

However, it’s important to note that Windows XP, Windows Vista and Windows 7 are all affected by this flaw.

The Microsoft Security Research & Defense blog explains in more detail:

What is the issue?
t2embed.dll improperly performs bounds-checking on lengths which are decoded from the LZCOMP bit-stream. This made it possible for a copy loop to violate the intended working buffer.

Is the EOT functionality reachable through 3rd party code?
Yes, the t2embed library provides EOT functionality that can be used by 3rd party code.  Many 3rd parties import t2embed for their font rendering, though some may choose to implement their own font rendering.

Why an Exploitability Index rating of 2?
The Exploitability Index rating of 2 is due to the low likelihood of successful exploitation. Hurdles exist around heap preparation and predictability, heap data corruption, and a race condition to get an exception handler, making successful exploitation unlikely.

The company warned that a malicious hacker could use rigged EOT fonts, delivered within files hosted on Web sites, that are rendered by default in all versions of Internet Explorer.

An attacker could also use malicious office documents e-mailed to victims.  In a successful attack, a user running an unpatched machine would have to be tricked into opening a document — PowerPoint or Word documents — that contains a malformed embedded font.
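The bug class the Security Research & Defense blog describes, a copy loop driven by lengths decoded from a compressed stream, is shown below as an added example; it is not code from this article, from Microsoft, or from t2embed.dll. The token format is a toy LZ77-style encoding constructed for illustration, not the real LZCOMP bit-stream, and the decoder validates every decoded distance and length against the working buffer before it copies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy token format (constructed for this example, NOT real LZCOMP):
 *   0x00 <byte>         literal byte
 *   0x01 <dist> <len>   copy <len> bytes from <dist> bytes back in the output
 * Returns the number of bytes written, or -1 if the stream is malformed. */
long lz_decode_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t tag = in[ip++];
        if (tag == 0x00) {
            if (ip >= in_len) return -1;          /* truncated literal */
            if (op >= out_cap) return -1;         /* working buffer is full */
            out[op++] = in[ip++];
        } else if (tag == 0x01) {
            if (in_len - ip < 2) return -1;       /* truncated copy token */
            size_t dist = in[ip++];
            size_t len  = in[ip++];
            /* Source must lie inside data already written to the buffer. */
            if (dist == 0 || dist > op) return -1;
            /* Destination must not run past the end of the buffer.
             * Written as a subtraction so the check cannot overflow. */
            if (len > out_cap - op) return -1;
            /* Byte-wise copy: overlap (dist < len) is legal in LZ77. */
            for (size_t i = 0; i < len; i++, op++)
                out[op] = out[op - dist];
        } else {
            return -1;                            /* unknown token */
        }
    }
    return (long)op;
}

int main(void)
{
    uint8_t out[16];
    /* Constructed inputs: a valid stream and one with an oversized length. */
    const uint8_t ok[]  = {0x00, 'a', 0x00, 'b', 0x01, 2, 4};
    const uint8_t bad[] = {0x00, 'a', 0x01, 1, 200};
    printf("valid stream:   %ld\n", lz_decode_checked(ok, sizeof ok, out, sizeof out));
    printf("oversized copy: %ld\n", lz_decode_checked(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Both checks happen before the loop starts, so a rejected token never touches memory outside the working buffer.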

