[28404] in bugtraq
Re: Opentype font file causes Windows to restart.
daemon@ATHENA.MIT.EDU (Kim Scarborough)
Tue Jan 7 21:57:50 2003
Message-ID: <3E1B1152.5000508@uchicago.edu>
Date: Tue, 07 Jan 2003 11:41:38 -0600
From: Kim Scarborough <kjs@uchicago.edu>
MIME-Version: 1.0
To: dildog@atstake.com, bugtraq@securityfocus.com
In-Reply-To: <20030107132006.6DA9D179B6@porfidio.atstake.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
dildog wrote:
> I suppose that IE's 'automatic font download' support (which is on by
> default) would exacerbate this problem, correct?
If you mean IE's font embedding support, it's unclear. Embedded font files are
a different format than standard font files (to prevent piracy). They are not
viewable in Font Viewer, so I doubt this same sort of attack could be done
that way. If the folks who gave us this OTF want to try it on a EOT file (MS's
embedding format) and see if they can crash IE (or get it to execute code),
that'd be interesting.
If you mean IE's international support, which will download fonts when
necessary, then yes, it would be vulnerable to this attack, but since it only
downloads those files directly from Microsoft, it's no more of a danger than a
Service Pack or anything else you get from them. If MS's download area is
compromised, people have a lot more to fear than trojaned font files.
--
----------------------------------------------------------------------------
Kim Scarborough Web Systems Administrator
University of Chicago/NSIT (773) 834-7740
----------------------------------------------------------------------------
