Nytro

Blackhat 2012 Europe - Gdi Font Fuzzing In Windows Kernel For Fun

Description: Blackhat 2012 EUROPE - GDI Font Fuzzing in Windows Kernel For Fun

https://media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-WP.pdf
https://media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-Slides.pdf
https://media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-Tool.zip

There are different types of fonts available within Windows, and two categories exist: GDI fonts and Device fonts. This talk will cover GDI TrueType & GDI Bitmap fonts only, on the Windows platform.

In GDI, the typical way to create a font is to fill in a LOGFONT structure and then call CreateFontIndirect, which returns a font handle. As expected from the name, a LOGFONT structure describes a logical font: if the user draws some text using that font handle, GDI will look for a matching physical font to draw the text. If it doesn't find a matching font name, it will use some other font.

The resulting outcome is that the font fuzzer works at a lower level, through the physical font APIs provided by GDI itself, for instance the API functions GetFontData, GetGlyphIndices and even ExtTextOut when used with the ETO_GLYPH_INDEX flag. The font fuzzer in this talk aims to trigger the font vulnerabilities published on the internet; two vulnerabilities in the Windows kernel's handling of crafted fonts, MS11-077 and MS11-087, will be discussed in this talk.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source:

Source: Blackhat 2012 Europe - Gdi Font Fuzzing In Windows Kernel For Fun
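The "crafted font" the abstract refers to reaches the kernel as raw TrueType bytes, the same bytes GetFontData(hdc, 0, ...) hands back for a whole font file. As an added example, not taken from the talk, its paper or its tool, here is a small bounds-checked parser for the TrueType (sfnt) table directory, the first structure any font engine reads, together with a builder for constructed in-memory sample blobs (one well-formed, one with an overlong table length); the table tags and payload sizes are made up for the demonstration.

```python
"""Bounds-checked TrueType (sfnt) table-directory parser. Added example; it only
operates on constructed in-memory blobs, no real font file is read."""
import struct

OFFSET_TABLE = struct.Struct(">IHHHH")    # sfntVersion, numTables, searchRange, entrySelector, rangeShift
TABLE_RECORD = struct.Struct(">4sIII")    # tag, checksum, offset, length
SFNT_VERSIONS = {0x00010000, 0x74727565}  # 1.0 and 'true'


def parse_table_directory(data: bytes) -> dict:
    """Return {tag: (offset, length)}; raise ValueError on anything out of bounds."""
    if len(data) < OFFSET_TABLE.size:
        raise ValueError("blob shorter than the offset table")
    version, num_tables, _, _, _ = OFFSET_TABLE.unpack_from(data, 0)
    if version not in SFNT_VERSIONS:
        raise ValueError("unknown sfnt version 0x%08x" % version)
    dir_end = OFFSET_TABLE.size + num_tables * TABLE_RECORD.size
    if dir_end > len(data):  # numTables promises more records than the blob holds
        raise ValueError("table directory overruns blob (numTables=%d)" % num_tables)
    tables = {}
    for i in range(num_tables):
        tag, _csum, offset, length = TABLE_RECORD.unpack_from(data, OFFSET_TABLE.size + i * TABLE_RECORD.size)
        # Python ints do not wrap: in 32-bit arithmetic offset + 0xFFFFFFF0 would
        # wrap to a small value and slip past a naive "end <= size" test.
        if offset < dir_end or offset + length > len(data):
            raise ValueError("table %r out of bounds: offset=%d length=%d size=%d"
                             % (tag, offset, length, len(data)))
        tables[tag.decode("latin-1")] = (offset, length)
    return tables


def check_font(data: bytes):
    """The parsed directory, or the rejection reason as a string."""
    try:
        return parse_table_directory(data)
    except ValueError as exc:
        return "rejected: %s" % exc


def build_sample_font(tables: dict, bad_length=None) -> bytes:
    """Constructed test data: lay out {tag: payload} as an sfnt blob. If bad_length is
    given, the last record's length field is replaced with it (a table claiming to extend past EOF)."""
    num = len(tables)
    header = OFFSET_TABLE.pack(0x00010000, num, 0, 0, 0)
    records, body, offset = [], b"", OFFSET_TABLE.size + num * TABLE_RECORD.size
    for idx, (tag, payload) in enumerate(tables.items()):
        length = bad_length if (bad_length is not None and idx == num - 1) else len(payload)
        records.append(TABLE_RECORD.pack(tag.encode("latin-1"), 0, offset, length))
        padded = payload + b"\0" * (-len(payload) % 4)  # tables start 4-byte aligned
        body += padded
        offset += len(padded)
    return header + b"".join(records) + body
```

With two tables the directory ends at byte 44, so a crafted length of 0xFFFFFFF0 on a table at offset 100 wraps to 84 in 32-bit arithmetic and would pass an unchecked "end <= size" comparison; the parser above rejects it.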
