Font Parsing Remote Code Execution Vulnerabilities Exploited in the Wild

On March 23, Microsoft released an advisory for two vulnerabilities in Adobe Type Manager (ATM) Library, an integrated PostScript font library found in all versions of Windows. Although the name of the ATM library came from an Adobe developed tool, ATM Light, Microsoft included native support for the ATM fonts with the release of Windows Vista in 2007. These vulnerabilities, therefore, exist within Windows’ native integration for support of PostScript fonts.

Exploitation of these vulnerabilities could lead an attacker to gain code execution on a vulnerable machine after a user on that machine opens a specially crafted document or viewed that document in the Windows Preview pane.

Microsoft’s advisory reports that due to active exploitation of un-patched vulnerabilities in the Adobe Type Manager Library, Windows users are urged to apply Microsoft’s suggested workarounds to reduce risk until a proper fix can be made available in April’s Patch Tuesday.