Can font files be dangerous

Discussion in 'Computer Security' started by Zakko, Jan 16, 2008.

  1. Zakko

    Zakko Guest

    Some web sites talk about their fonts files as being clean or checked.

    Does this mean some types of font file can be infected with malware?
    Zakko, Jan 16, 2008
    #1
    1. Advertising

  2. Zakko wrote:
    > Some web sites talk about their fonts files as being clean or checked.
    >
    > Does this mean some types of font file can be infected with malware?


    Fonts can be malformed in a number of ways that create problems for the
    user. Probably the most obvious is an older font that is far enough out
    of spec that recent versions of Windows will refuse to load it. I'm not
    aware of fonts carrying malware, so I would just read those as product
    benefit claims--our fonts are high quality, basically.
    Dick Margulis, Jan 16, 2008
    #2
    1. Advertising

  3. Zakko

    Sebastian G. Guest

    Dick Margulis wrote:

    > I'm not aware of fonts carrying malware, so I would just read


    > those as product benefit claims--our fonts are high quality, basically.


    I remember a bug in a webbrowser causing a buffer overflow with specially
    crafted font files. Now, that was Netscape 4.0, which is quite a long time ago.

    Without a bug, there's no specified way to include executable code in font
    files.
    Sebastian G., Jan 16, 2008
    #3
  4. David H. Lipman, Jan 16, 2008
    #4
  5. Zakko

    Character Guest

    Zakko wrote:

    > Some web sites talk about their fonts files as being clean or checked.
    >
    > Does this mean some types of font file can be infected with malware?


    No, but I've accidentally created some otf fonts that, if
    double-clicked, for some inexplicable reason result in a BSOD (Blue
    Screen of Death)! No harm done, just very annoying.

    - Character
    Character, Jan 16, 2008
    #5
  6. Zakko

    Sebastian G. Guest

    Character wrote:


    >> Does this mean some types of font file can be infected with malware?

    >
    > No, but I've accidentally created some otf fonts that, if
    > double-clicked, for some inexplicable reason result in a BSOD (Blue
    > Screen of Death)! No harm done, just very annoying.


    Is your system up-to-date wrt. security updates? Did you install any
    security relevant font management software?

    If the answer to the first question is "yes" and to the second "no", you
    should definitely report this issue to Microsoft.
    Sebastian G., Jan 17, 2008
    #6
  7. Zakko

    Character Guest

    Sebastian G. wrote:

    > Character wrote:
    >
    >
    >>> Does this mean some types of font file can be infected with malware?

    >>
    >>
    >> No, but I've accidentally created some otf fonts that, if
    >> double-clicked, for some inexplicable reason result in a BSOD (Blue
    >> Screen of Death)! No harm done, just very annoying.

    >
    >
    > Is your system up-to-date wrt. security updates? Did you install any
    > security relevant font management software?
    >
    > If the answer to the first question is "yes" and to the second "no", you
    > should definitely report this issue to Microsoft.


    Yes, no, and I did :)
    Character, Jan 17, 2008
    #7
  8. "Character" <> wrote in message
    news:Uzwjj.6$1.easynews.com...
    > Zakko wrote:
    > No, but I've accidentally created some otf fonts that, if double-clicked,
    > for some inexplicable reason result in a BSOD (Blue Screen of Death)! No
    > harm done, just very annoying.


    I've created buggy fonts that did that on Windows NT,
    but they failed safely on XP. As I was writing hint code
    directly, I knew the exact reason, but I can't recall what
    it was.

    I have accidentally put what, at certain resolutions, was
    an infinite loop into a TTF hint. Some renderers will just
    go ahead and loop infinitely if you do that.
    Larry A Barowski, Jan 17, 2008
    #8
  9. Zakko

    Jim Watt Guest

    On Wed, 16 Jan 2008 19:56:17 GMT, Zakko <> wrote:

    >Some web sites talk about their fonts files as being clean or checked.
    >
    >Does this mean some types of font file can be infected with malware?


    As far as I am aware websites do not load fonts onto your
    computer, they just specify which ones they would like your
    browser to use either in HTML or by way of a CSS file or
    specification.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Jan 17, 2008
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Simon Telrenner
    Replies:
    2
    Views:
    450
    Ted Mittelstaedt
    Oct 16, 2003
  2. =?Windows-1252?Q?Frisbee=AE?=

    Re: PC use is dangerous

    =?Windows-1252?Q?Frisbee=AE?=, Jul 22, 2004, in forum: MCSE
    Replies:
    0
    Views:
    394
    =?Windows-1252?Q?Frisbee=AE?=
    Jul 22, 2004
  3. Franky

    Are WAV files dangerous?

    Franky, Aug 15, 2004, in forum: Computer Security
    Replies:
    28
    Views:
    1,442
    Jose Maria Lopez Hernandez
    Sep 2, 2004
  4. Lookout

    Windows XP explorer font and font size

    Lookout, Jun 4, 2006, in forum: Computer Support
    Replies:
    0
    Views:
    606
    Lookout
    Jun 4, 2006
  5. andreasbell

    creating font with fixed font size

    andreasbell, Aug 30, 2010, in forum: Software
    Replies:
    1
    Views:
    1,156
    Hotspot
    Aug 30, 2010
Loading...

Share This Page