Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: rarestia

Wanna bet it is Yet Another Buffer Overflow... the problem is not the font — it is the silly software that is supposed to be able to handle it correctly no matter what it is.

To assume that third party data is always going to be friendly to your application is very foolish!


11 posted on 07/20/2015 3:34:52 PM PDT by HiTech RedNeck (Embrace the Lion of Judah and He will roar for you and teach you to roar too. See my page.)
[ Post Reply | Private Reply | To 10 | View Replies ]

To: HiTech RedNeck

This is a kernel-mode vulnerability that takes advantage of the fact that Microsoft’s font controls are at the kernel. Fonts are often cited as a vector for vulnerabilities due to the need for elevated privileges to display them. Not sure I understand the mechanism well enough, but I don’t think it’s buffer overflow. I’ve been wrong before.

It’s also worthwhile to note this is related to OpenType fonts, which are very popular in web design, as I understand it.


12 posted on 07/20/2015 3:41:27 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 11 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson