Microsoft DirectWrite AFDKO Heap-Based Due to Integer in readTTCDirectory buffer overflow vulnerability

Summary

AFDKO (OpenType's Adobe font development toolkit) is a set of tools for examining, modifying, and building fonts.Microsoft DirectWrite AFDKO Heap Based Due to Integer in readTTCDirectory buffer overflow vulnerability, attackers can use this vulnerability to execute unauthorized instructions, can obtain system privileges, and then carry out various illegal operations.


Solution

At present, the manufacturer does not provide the repair plan, please pay attention to the manufacturer's home page:

https://portal.msrc.microsoft.com/en-us/security-guidance