Execution of Arbitrary Code on Fully Patched Windows 10 and Windows 7 Boxes (Heap-based Buffer Overflow Vulnerabilities)


Hossein Lotfi (Secunia Research at Flexera Software) has discovered multiple vulnerabilities that allow a hacker to execute arbitrary code using specially crafted font files. These (remote) vulnerabilities impact fully patched installations of Windows 10 as well as Windows 7:

* Hackers can exploit a vulnerability within the “LoadUvsTable()” function to cause a heap-based buffer overflow through a font file containing specially crafted Unicode Variation Sequences tables.

* An integer overflow error within the “LoadFont()” function can be exploited to cause a heap-based buffer overflow, again through a font file containing specially crafted Unicode Variation Sequences tables.

As I mentioned at the outset, these vulns are confirmed on fully patched Windows 10 Professional (gdi32full.dll version 10.0.14393.576) and Windows 7 Professional (usp10.dll version 1.626.7601.23585). Other versions may be affected.

Fix this critical vuln by installing the update over at Microsoft’s Security TechCenter here.
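
The two issues above belong to a class where a count read from a font file is multiplied by a record size without overflow checking. The following is an added example, not Microsoft's code and not taken from the advisory: a defensive validator for an OpenType cmap format 14 (Unicode Variation Sequences) subtable that rejects counts and offsets that do not fit the declared length. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t be32(const uint8_t *p) {   /* big-endian read; caller bounds-checks */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* A uint32 count at off plus count*rec bytes must fit in len; 64-bit math cannot wrap. */
static int array_fits(const uint8_t *t, uint64_t len, uint64_t off, uint64_t rec) {
    if (off > len || len - off < 4) return 0;
    return (uint64_t)be32(t + off) * rec <= len - off - 4;
}

/* Returns 1 if a cmap format 14 (UVS) subtable is internally consistent, else 0. */
int uvs_subtable_ok(const uint8_t *t, size_t buflen) {
    if (buflen < 10 || t[0] != 0 || t[1] != 14) return 0;
    uint64_t len = be32(t + 2);                 /* declared subtable length */
    if (len < 10 || len > buflen) return 0;
    if (!array_fits(t, len, 6, 11)) return 0;   /* 11-byte selector records */
    uint32_t n = be32(t + 6);
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *r = t + 10 + (size_t)i * 11;
        uint32_t def = be32(r + 3), nondef = be32(r + 7);
        if (def && !array_fits(t, len, def, 4)) return 0;       /* 4-byte ranges */
        if (nondef && !array_fits(t, len, nondef, 5)) return 0; /* 5-byte mappings */
    }
    return 1;
}

/* Constructed sample: one selector (U+FE00) with one default range at offset 21. */
static const uint8_t GOOD[29] = {
    0,14, 0,0,0,29, 0,0,0,1,  0,0xFE,0, 0,0,0,21, 0,0,0,0,  0,0,0,1, 0,0x4E,0,0 };

/* Same bytes with the selector record count replaced; returns the verdict. */
int verdict_with_count(uint32_t count) {
    uint8_t t[sizeof GOOD];
    memcpy(t, GOOD, sizeof t);
    t[6] = (uint8_t)(count >> 24); t[7] = (uint8_t)(count >> 16);
    t[8] = (uint8_t)(count >> 8);  t[9] = (uint8_t)count;
    return uvs_subtable_ok(t, sizeof t);
}

int main(void) {   /* 0x1745D175 * 11 wraps to 7 in 32-bit math; must still be rejected */
    printf("good=%d wrapped=%d\n", uvs_subtable_ok(GOOD, sizeof GOOD),
           verdict_with_count(0x1745D175u));
    return 0;
}
```

The validator covers structural bounds only; it does not check selector ordering or overlapping tables.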