Microsoft bracing for malware attacks from embedded fonts
Security researchers say it’s only a matter of time — days not weeks — before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents. The specific vulnerability — in the font parsing subsystem of the win32.sys driver
— provides an entry point for hackers to take complete control of an unpatched machine without any user action beyond normal browsing or opening a rigged document file. … Microsoft’s MS09-065 bulletin says an exploit was already publicly available before the update was ready on Patch Tuesday, meaning that malware authors have gotten a long head start researching entry points for attacks.
Date: 12 November 2009
More...........Microsoft bracing for malware attacks from embedded fonts | Zero Day | ZDNet.com