A Font that crashes Windows?

[avdven]

A message was sent to BugTraq with the following statement by "Andrew":

The attached OpenType font file will cause Windows to restart
immediately when the file is opened by the default viewer (fontview).
I doubt anyone would suspect a "harmless" little font file of being
able to cause such a thing to happen!

Read the whole thing here.
Or, better yet, if you don't believe it, download and view this font.

Now, not only do Windows users have to worry about .zips, exes, and MS Office files, but now they have to worry about fonts, too...

AJ

[the_JinX]

W000T that's the weirdest thing I've seen..

My trusty hex editor reveals..

Copyright 2003. All rights reserved.restarterRegular1.000;NONE;restarterOTF 1.000;PS 001.001;Core 1.0.29Please refer to the Copyright section for the font trademark attribution notices. C o p y r i g h t 2 0 0 3 . A l l r i g h t s r e s e r v e d . r e s t a r t e r R e g u l a r 1 . 0 0 0 ; N O N E ; r e s t a r t e r O T F 1 . 0 0 0 ; P S 0 0 1 . 0 0 1 ; C o r e 1 . 0 . 2 9 P l e a s e r e f e r t o t h e C o p y r i g h t s e c t i o n f o r t h e f o n t t r a d e m a r k a t t r i b u t i o n n o t i c e s .

BTW it only crashes 2000 and XP, win 98 SE I tested to be safe...
On win9x it just crashes the fontview app...

[bimmer]

well it gave me a message ( windows cannot oppen this file )

[Trust_Not_123]

bimmer, that might be that the file got corrupted when you downloaded it. try again

[phaza7]

My trusty frhed hex editor, I saw the same thing. Wonder if Gates and company

is going to build a patch for it. Hate to see a lame virii exploiting it.

[The Old Man]

Hmmm, i just tried it on one box loaded W2000Pro, SP-2, and Frontview just said it was "not a valid font file"... Did not try it on W98SE, since the original post said it did not affect it too bad.

[[ßÏÑÐ¥€¥€]]

Patch ===== ? Workaround ========== Steven Tucker says : On XP Professional SP1 it causes a bugcheck in ATMFD.DLL. According to the properties for this DLL this is the Adobe Type Manager driver. The bugcheck code is PAGE_FAULT_IN_NONPAGED_AREA @ Base+0x28A75. You can delete the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers This will eliminate the immediate problem, but will remove type 1 font support.

[Terr]

Am I SUPPOSED to get a four character text http response when clicking on that attachment? I just get "OTTO"...

Hm. Must be an opera thing. IE downloads more actual data, but decides to call it "2" by default.

[drew]

hey can u make a virus or something harmful in the form of a txt file?
i'm not gonna try doing it but i just wanted to know if it could be done and if so where can i learn about it.
once again i don't want a step by step just the theory or a link to it, i want to see how dangerous txt files can be, i always thought it's just plain text, but now 'm not sure.

thanx drew.

[the_JinX]

drew: this is a bit off-topic,

I hope I don't offend anyone if I do answer drew's off-topic question here..

you can't make a virus in a text file..
the text file uses ascii to write text. it has 256 (well 0 - 255 ) possible characters.

It might be possible to make a .txt file that kills notepad or even windows, but that's a totaly different story..

You do however get a lot of people sending attatchments like: readme.txt.pif (link) or even read_this.txt.scr (screensaver (actualy same as a .exe))
when you set windows to not show extentions (the 3 characters after the dot) you won't see the .pif .scr .exe or .com extention !!

these CAN contain a virus or a trojan (and I'd even bet on them containing one..)..