Websites with embedded fonts not always secure

Font embedding has been an important feature of Microsoft applications such as Word and PowerPoint. Web designers also use embedded fonts to guarantee that the text on a page will look the same in every browser.

But recently, hackers have been exploiting text fonts embedded in Web pages to break into Windows systems. They place a corrupted font on a Web site and wait for unsuspecting visitors.

When you view the affected font in Internet Explorer--or in any application that uses Windows to show the fonts in question--the doctored text triggers a buffer overflow, disabling your PC's security and allowing the thug to then take control of your computer.

Reading or even just previewing an affected HTML e-mail message in Outlook or Outlook Express can launch the attack too.

Download Security Update for Windows XP (KB908519)

Source: Vulnerability in Embedded Web Fonts | PCWorld