Wanna bet it is Yet Another Buffer Overflow... the problem is not the font — it is the silly software that is supposed to be able to handle it correctly no matter what it is.
To assume that third-party data is always going to be friendly to your application is very foolish!
This is a kernel-mode vulnerability that takes advantage of the fact that Microsoft’s font controls are at the kernel. Fonts are often cited as a vector for vulnerabilities due to the need for elevated privileges to display them. Not sure I understand the mechanism well enough, but I don’t think it’s buffer overflow. I’ve been wrong before.
It’s also worthwhile to note this is related to OpenType fonts, which are very popular in web design, as I understand it.