
Google discloses technical details of Windows CVE-2021-24093 RCE flaw

February 25, 2021 - SecurityAffairs

The Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in the Windows operating system.

A white hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client.

DirectWrite is a Windows API that supports measuring, drawing, and hit-testing of multi-format text.

The vulnerability was discovered by Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero. The company reported the issue to Microsoft in November and disclosed the details this week.

The flaw was addressed with the release of the February 2021 Patch Tuesday updates.

The issue affects the Windows graphics component in all operating systems and received a CVSS score of 8.8.

An attacker could exploit the flaw by tricking victims into visiting a specially crafted site hosting a file set up to trigger the issue.

The CVE-2021-24093 vulnerability is a DirectWrite heap-based buffer overflow that resides in the processing of a specially crafted TrueType font.

“We have discovered a crash in the DWrite!fsg_ExecuteGlyph function when loading and rasterizing a malformed TrueType font with a corrupted “maxp” table. Specifically, it was triggered after changing the value of the maxPoints field from 168 to 0, and the maxCompositePoints value from 2352 to 3 in our test font. We believe that this causes an inadequately small buffer to be allocated from the heap.” reads the report published by Google.
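The report ties the crash to "maxp" values that understate what the glyph data needs. The added example below (not from Google's report or Microsoft's patch) shows a defensive consistency check a font-ingestion pipeline could run: it compares the declared maxPoints with the points simple glyphs actually use. The function names and the sample builder are assumptions for illustration; the field offsets follow the TrueType table layout, and composite glyphs (maxCompositePoints) are not counted.

```python
import struct

def tables(font: bytes) -> dict:
    """Map tag -> table bytes using the sfnt table directory."""
    num_tables = struct.unpack_from(">H", font, 4)[0]
    out = {}
    for i in range(num_tables):
        tag, _sum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if off + length > len(font):
            raise ValueError(f"table {tag!r} runs past end of file")
        out[tag.decode("latin-1")] = font[off:off + length]
    return out

def check_maxp(font: bytes) -> list:
    """Flag simple glyphs using more points than 'maxp' declares (struct.error = reject)."""
    t = tables(font)
    num_glyphs, max_points = struct.unpack_from(">HH", t["maxp"], 4)
    long_loca = struct.unpack_from(">h", t["head"], 50)[0] == 1  # indexToLocFormat
    fmt, scale = (">I", 1) if long_loca else (">H", 2)
    step = struct.calcsize(fmt)
    offs = [struct.unpack_from(fmt, t["loca"], i * step)[0] * scale
            for i in range(num_glyphs + 1)]
    findings = []
    for gid in range(num_glyphs):
        start, end = offs[gid], offs[gid + 1]
        if end - start < 12:  # too short for a header plus one endPt: empty glyph
            continue
        n_contours = struct.unpack_from(">h", t["glyf"], start)[0]
        if n_contours <= 0:  # composite (negative) glyphs are not counted here
            continue
        last = struct.unpack_from(">H", t["glyf"], start + 10 + 2 * (n_contours - 1))[0]
        if last + 1 > max_points:
            findings.append(f"glyph {gid}: {last + 1} points > maxPoints {max_points}")
    return findings

def build_sample(max_points: int) -> bytes:
    """Constructed test input: one 3-point glyph; not a renderable font."""
    glyph = struct.pack(">h4hH", 1, 0, 0, 10, 10, 2)  # 1 contour, last point index 2
    body = {
        "glyf": glyph,
        "head": bytes(50) + struct.pack(">hh", 0, 0),  # short loca format
        "loca": struct.pack(">HH", 0, len(glyph) // 2),
        "maxp": struct.pack(">IHHHH", 0x00010000, 1, max_points, 1, 0) + bytes(20),
    }
    font, data, base = struct.pack(">IHHHH", 0x00010000, len(body), 0, 0, 0), b"", 12 + 16 * len(body)
    for tag, blob in body.items():
        font += struct.pack(">4sIII", tag.encode(), 0, base + len(data), len(blob))
        data += blob
    return font + data
```

A font whose declared maximum covers its glyphs yields no findings; one that declares maxPoints as 0 while carrying a three-point glyph is flagged and can be rejected before it reaches a rasterizer.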

The researchers also released a proof-of-concept (PoC) exploit (poc.ttf, poc.html).


Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2021-24093)


Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog “Security Affairs”, recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
