
Windows Embedded Font Heap Overflow Vulnerability


A vulnerability has been discovered in the way Windows renders Embedded OpenType (EOT) fonts. As with the WMF exploit, a user only has to view a malicious HTML page in a browser or email client to trigger it. There is a big (okay, huge) difference, however: this is a heap overflow, which is far more difficult to exploit reliably than the WMF vulnerability. It still poses a threat, and we will most likely see worms, bots, spyware, etc. take advantage of it, because the attack vector is so easy to trigger.
You should:

  • Apply the patch from MS
  • View your email in plain text
  • Disable font downloads in Internet Explorer (more information here)
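
As an added example (not part of the original post), here is a PowerShell script that audits and applies the two configuration workarounds above for the current user, and checks whether the bulletin's hotfix is installed. The registry locations are the standard Internet Explorer security-zone action keys (action 1604 is "Font download") and the Outlook ReadAsPlain option; the Office version number in the Outlook path is an assumption, and KB908519, the knowledge base number Microsoft assigned to this bulletin, is supplied here rather than taken from the page.

```powershell
# Added example, not code from the original post: audit and apply the
# workarounds on one host. Assumptions are noted inline.

# IE security-zone action 1604 is "Font download": 0 = Enable, 1 = Prompt, 3 = Disable.
# Zone 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$FontDownloadAction = '1604'
$Disable = 3
$ActionNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-FontDownloadState {
    # Report the current font-download setting for each zone.
    foreach ($zone in 1..4) {
        $path  = Join-Path $ZoneRoot "$zone"
        $value = (Get-ItemProperty -Path $path -Name $FontDownloadAction -ErrorAction SilentlyContinue).$FontDownloadAction
        $name  = if ($null -eq $value) { 'Unset' }
                 elseif ($ActionNames.ContainsKey([int]$value)) { $ActionNames[[int]$value] }
                 else { "Unknown ($value)" }
        [pscustomobject]@{ Zone = $zone; FontDownload = $name }
    }
}

function Disable-FontDownload {
    # The bulletin's workaround targets the Internet and Local intranet zones;
    # pass -Zones 1..4 to cover Trusted and Restricted sites as well.
    param([int[]]$Zones = @(1, 3))
    foreach ($zone in $Zones) {
        $path = Join-Path $ZoneRoot "$zone"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name $FontDownloadAction -Value $Disable -Type DWord
    }
}

function Enable-OutlookPlainText {
    # ReadAsPlain = 1 makes Outlook render every message as plain text.
    # The version segment of the path (11.0 = Outlook 2003) is an assumption; adjust for your build.
    param([string]$OfficeVersion = '11.0')
    $path = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name 'ReadAsPlain' -Value 1 -Type DWord
}

function Test-PatchInstalled {
    # KB908519 is the knowledge base number of the January 10, 2006 bulletin (supplied here, not from the post).
    param([string]$KB = 'KB908519')
    return [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)
}

# Usage: report, apply, report again, then warn if the real fix is still missing.
Get-FontDownloadState | Format-Table -AutoSize
Disable-FontDownload
Enable-OutlookPlainText
Get-FontDownloadState | Format-Table -AutoSize
if (-not (Test-PatchInstalled)) { Write-Warning 'Hotfix not found; the workarounds are no substitute for applying the patch.' }
```

These are per-user (HKCU) settings, so they only protect the profile the script runs under; for a fleet, push the same zone and Outlook values through Group Policy and treat the registry change as a stopgap until the patch is deployed.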

The vulnerability was discovered on July 31, 2005. We get a patch for it today, January 10, 2006. The Microsoft HoneyMonkey project uncovered in-the-wild exploits for vulnerabilities that Microsoft knew about and was patching, but didn’t think the public knew about. Does this one fall in the same category? It is quite feasible that evil people have been using this exploit for some time without our knowledge. Microsoft has to be able to produce a patch quicker than 163 days; that’s far too long for us to be standing here with our pants down. Meanwhile attackers sit around and laugh at us from behind their Happy Hacking Keyboard, collecting people’s personal information like credit cards, bank account numbers, and passwords.
(Okay, so maybe attackers don’t use the happy hacking keyboard, but it sounded good :)
Full Microsoft Bulletin
EEye Advisory
Internet Storm Center Posting

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRT54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles at a lottery company, a university, an ISP, as an independent penetration tester, and at security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly; he enjoys coding in Python and telling everyone he uses Linux.
