Font Parsing Remote Code Execution Vulnerabilities Exploited in the Wild

On March 23, Microsoft released an advisory for two vulnerabilities in Adobe Type Manager (ATM) Library, an integrated PostScript font library found in all versions of Windows. Although the name of the ATM library came from an Adobe developed tool, ATM Light, Microsoft included native support for the ATM fonts with the release of Windows Vista in 2007. These vulnerabilities, therefore, exist within Windows’ native integration for support of PostScript fonts.

Exploitation of these vulnerabilities could lead an attacker to gain code execution on a vulnerable machine after a user on that machine opens a specially crafted document or viewed that document in the Windows Preview pane.

Microsoft’s advisory reports that due to active exploitation of un-patched vulnerabilities in the Adobe Type Manager Library, Windows users are urged to apply Microsoft’s suggested workarounds to reduce risk until a proper fix can be made available in April’s Patch Tuesday.

Tenable provides a full analysis here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: