Microsoft Windows Type 1 Font callother Opcode Heap Buffer Underflow Remote Code Execution Vulnerability

ID: ZDI-15-227
Type: zdi
Reporter: s3tm3m
Modified: 2015-11-09T00:00:00


This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of certain Type 1 fonts. By providing a crafted font, an attacker can cause a negative offset to be used when calculating a heap buffer address. This would allow an attacker to execute arbitrary code as SYSTEM.