Zero-Day Advisory
Fortinet Discovers Microsoft Graphics Memory Corruption Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Memory Corruption vulnerability in Microsoft Windows font library.
Windows font library supports many font formats. Each font format contains many thousands of characters. The vulnerable Windows font library is used by many Windows platforms.
The Memory Corruption vulnerability exists when the Windows font library improperly handles a specially crafted EOT file. An attacker who successfully exploited this vulnerability could take control of the affected system.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:MS.Windows.Graphics.EOT.File.Parsing.Code.Execution
Released Oct 09, 2017
Users should apply the solution provided by Microsoft.
Timeline
Fortinet reported the vulnerability to Microsoft on July 11, 2017.
Microsoft patched the vulnerability on October 10, 2017.