[VulnWatch] Re: Opentype font file causes Windows to restart.

From: Tiina Anita Muukkonen (tiinam@cse.unsw.edu.au)
Date: 01/07/03

  • Next message: dong-h0un yoU: "[VulnWatch] [INetCop Security Advisory] Remote format string vulnerability in Tanne." 
    From: tiinam@cse.unsw.edu.au (Tiina Anita Muukkonen)
To: Andrew <aconnell@xtra.co.nz>
Date: Tue, 7 Jan 2003 10:13:11 +1100

    quoth Andrew on this day of Our Lord:
    |
    | The attached OpenType font file will cause Windows to restart
    | immediately when the file is opened by the default viewer (fontview).
    | I doubt anyone would suspect a "harmless" little font file of being
    | able to cause such a thing to happen!
     
     I ran strings over it:

    OTTO
    CFF D@
    eOS/2^^\
    `cmap
    $head
    6hhea
    $hmtx
    maxp
    name
    post
    restarter
    restarter
    NONE
    Copyright 2003. All rights reserved.restarterRegular1.000;NONE;restarterOTF 1.000;PS 001.001;Core 1.0.29Please refer to the Copyright section for the font trademark attribution notices.

     and then entered 'restarter' into Google, which returned information on a
     trojan called restarter that does just that. Sophos and Symantec have
     descriptions of somewhat different versions of the trojan.

     godspeed,

     Tiina Muukkonen
     System Administrator, CSE, UNSW 

    -- 
"When I was seven, my parents moved to Texas.                   ________
 When I was nine, I found them." Steve Wright         (__)     /        \
                                              `\------(oo)    ( Squeak!! )
Tiina Muukkonen                                 ||    (__)  --'\________/
tiinam@cse.unsw.edu.au                          ||w--||     
http://www.cse.unsw.edu.au/~tiinam      \|/                  \|/