Bugtraq mailing list archives
Re: Opentype font file causes Windows to restart.
From: Kim Scarborough <kjs () uchicago edu>
Date: Tue, 07 Jan 2003 11:41:38 -0600
dildog wrote:
I suppose that IE's 'automatic font download' support (which is on by default) would exacerbate this problem, correct?
If you mean IE's font embedding support, it's unclear. Embedded font files are a different format than standard font files (to prevent piracy). They are not viewable in Font Viewer, so I doubt this same sort of attack could be done that way. If the folks who gave us this OTF want to try it on a EOT file (MS's embedding format) and see if they can crash IE (or get it to execute code), that'd be interesting.
If you mean IE's international support, which will download fonts when necessary, then yes, it would be vulnerable to this attack, but since it only downloads those files directly from Microsoft, it's no more of a danger than a Service Pack or anything else you get from them. If MS's download area is compromised, people have a lot more to fear than trojaned font files.
-- ---------------------------------------------------------------------------- Kim Scarborough Web Systems Administrator University of Chicago/NSIT (773) 834-7740 ----------------------------------------------------------------------------
Current thread:
- Re: [VulnDiscuss] Re: Opentype font file causes Windows to restart - rename .TTF, (continued)
- Message not available
- Message not available
- Re: [VulnDiscuss] Re: Opentype font file causes Windows to restart - rename .TTF Alan Olsen (Jan 21)
- Message not available
- Re: [VulnDiscuss] Re: Opentype font file causes Windows to restart. Mark Litchfield (Jan 21)
- Re[2]: Opentype font file causes Windows to restart. Andrew (Jan 19)
- Re: Opentype font file causes Windows to restart. Chris Ridd (Jan 21)
- Re: Opentype font file causes Windows to restart. Berend-Jan Wever (Jan 07)
- Re: Opentype font file causes Windows to restart. Kim Scarborough (Jan 07)