Fortinet Discovers Embedded Open Type Font File Handling Memory Corruption
Fortinet's FortiGuard Labs has discovered a buffer overflow issue in the Microsoft Embedded Open Type Font parser engine (i.e., t2embed.dll). The issue occurs when parsing a specially crafted EOT file and could result in remote code execution upon successful exploitation.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Oct 09, 2017
Users should apply the solution provided by Microsoft.
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.