The specific flaw exists within the processing of the IUP instruction (opcode 0x31) in TrueType fonts. A crafted font can cause point patching to modify arbitrary addresses in the Windows kernel. This can be leveraged by an attacker to run arbitrary code in the context of SYSTEM.
Microsoft has issued an update to correct this vulnerability. More details can be found at:
KeenTeam's Jihui Lu and Peter Hlavaty