Vulnerability in the OpenType Compact Font Format (CFF) driver could allow elevation of privilege
This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
This security update is rated Important for all supported editions of Microsoft Windows. For more information, see the Affected and Non-Affected Software subsection in this section.
The security update addresses the vulnerability by ensuring that the OpenType Compact Font Format (CFF) driver properly validates data. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
For more information on this issue, including potential causes, workarounds, and resolutions, see Microsoft Knowledge Base article KB980218.