Microsoft Security Bulletin MS15-078 - Critical

Discussion in 'other security issues & news' started by ronjor, Jul 20, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,739
    Location:
    Texas
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Huh. I figured we'd see more of this, didn't figure on so soon.

    Interesting note: Truetype fonts are actually their own Turing-complete language. Which means the Halting Problem applies, which means you can never demonstrate that a TTF font won't do something nasty when rendered. Which means that the Windows kernel parsing fonts on behalf of userspace applications is a profoundly bad design - it can literally not be made secure.
     
Loading...