A Google Project Zero researcher has publicly disclosed
details on a number of patched
Adobe and Microsoft vulnerabilities, including one in the Adobe Type Manager Font Driver that could enable takeover of a number of systems supporting modern font engines.
Mateusz Jurczyk pointed the finger at how CharStrings are handled as the principal culprit, in particular the quality of its interpreter function in ATMFD.dll; CharStrings provide instructions for drawing the shape of each glyph at a particular point size, he said.
