[VulnWatch] Re: Opentype font file causes Windows to restart.

• Previous message: G.P.de.Boer: "Directory traversal bug in Communigate Pro 4's Webmail service"
• Next in thread: Steven Tucker: "Re: Opentype font file causes Windows to restart."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

quoth Andrew on this day of Our Lord:
| 
| The attached OpenType font file will cause Windows to restart
| immediately when the file is opened by the default viewer (fontview).
| I doubt anyone would suspect a "harmless" little font file of being
| able to cause such a thing to happen!
 
 I ran strings over it:

OTTO
CFF D@
eOS/2^^\
`cmap
$head
6hhea
$hmtx
maxp
name
post
restarter
restarter
NONE
Copyright 2003. All rights reserved.restarterRegular1.000;NONE;restarterOTF 1.000;PS 001.001;Core 1.0.29Please refer to the Copyright section for the font trademark attribution notices.

 and then entered 'restarter' into Google, which returned information on a
 trojan called restarter that does just that. Sophos and Symantec have
 descriptions of somewhat different versions of the trojan.

 godspeed,

 Tiina Muukkonen
 System Administrator, CSE, UNSW
-- 
"When I was seven, my parents moved to Texas.                   ________
 When I was nine, I found them." Steve Wright         (__)     /        \
                                              `\------(oo)    ( Squeak!! )
Tiina Muukkonen                                 ||    (__)  --'\________/
tiinamat_private                          ||w--||     
http://www.cse.unsw.edu.au/~tiinam      \|/                  \|/

• Next message: heydownsat_private: "Re: Longshine WLAN Access-Point LCS-883R VU#310201"
• Previous message: G.P.de.Boer: "Directory traversal bug in Communigate Pro 4's Webmail service"
• Next in thread: Steven Tucker: "Re: Opentype font file causes Windows to restart."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 20:08:24 PST