Microsoft_Windows_Embedded_Web_Font_Handling_Buffer_Overflow_attack

A buffer overflow vulnerability exists in the Microsoft Windows embedded web font handling component. The vulnerability is caused by a failure to correctly validate specified allocation size values when decompressing Embedded Open Type fonts. An attacker may exploit this vulnerability by delivering a malicious embedded web font to a target host, resulting in arbitrary code execution. In most cases, an attack will cause the vulnerable program to terminate, as the success of an attack largely depends on the memory layout of the target system at the time of exploitation. In a successful attack, where arbitrary code is supplied and executed on the vulnerable target host, the behaviour of the target system is dependent on the intention of the injected code. Note that any code executed by the attacker will run with the privileges of the currently logged in user.