The Internet: Bad Write in TTF font parsing (win32k.sys)

2015-02-18T17:46:07
ID H1:48100
Type hackerone
Reporter dirtybit
Modified 2015-03-01T08:29:00

Description

This bug was originally reported through Project Zero at Google. Alex Rice suggested to me that I could potentially receive a bounty through Hacker One so I am also opening a report here.

The vulnerability reference numbers are MS15-010 CVE-2015-0059

The original bug report is https://code.google.com/p/google-security-research/issues/detail?id=172

Microsoft released a patch on 2/10/15 https://technet.microsoft.com/library/security/dn903755.aspx

Repros, loader, and minidumps are attached