Can font files be dangerous

Some web sites talk about their fonts files as being clean or checked.

Does this mean some types of font file can be infected with malware?

Zakko wrote:
> Some web sites talk about their fonts files as being clean or checked.
>
> Does this mean some types of font file can be infected with malware?

Fonts can be malformed in a number of ways that create problems for the
user. Probably the most obvious is an older font that is far enough out
of spec that recent versions of Windows will refuse to load it. I'm not
aware of fonts carrying malware, so I would just read those as product
benefit claims--our fonts are high quality, basically.

Dick Margulis wrote:

> I'm not aware of fonts carrying malware, so I would just read

> those as product benefit claims--our fonts are high quality, basically.

I remember a bug in a webbrowser causing a buffer overflow with specially
crafted font files. Now, that was Netscape 4.0, which is quite a long time ago.

Without a bug, there's no specified way to include executable code in font
files.

From: "Zakko" <scruff@mail.invalid>

| Some web sites talk about their fonts files as being clean or checked.
|
| Does this mean some types of font file can be infected with malware?

Font files are none malicious.

However, there are Trojans that will hide in the Windows font folder.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Zakko wrote:

> Some web sites talk about their fonts files as being clean or checked.
>
> Does this mean some types of font file can be infected with malware?

No, but I've accidentally created some otf fonts that, if
double-clicked, for some inexplicable reason result in a BSOD (Blue
Screen of Death)! No harm done, just very annoying.

- Character

Character wrote:


>> Does this mean some types of font file can be infected with malware?
>
> No, but I've accidentally created some otf fonts that, if
> double-clicked, for some inexplicable reason result in a BSOD (Blue
> Screen of Death)! No harm done, just very annoying.

Is your system up-to-date wrt. security updates? Did you install any
security relevant font management software?

If the answer to the first question is "yes" and to the second "no", you
should definitely report this issue to Microsoft.

Sebastian G. wrote:

> Character wrote:
>
>
>>> Does this mean some types of font file can be infected with malware?
>>
>>
>> No, but I've accidentally created some otf fonts that, if
>> double-clicked, for some inexplicable reason result in a BSOD (Blue
>> Screen of Death)! No harm done, just very annoying.
>
>
> Is your system up-to-date wrt. security updates? Did you install any
> security relevant font management software?
>
> If the answer to the first question is "yes" and to the second "no", you
> should definitely report this issue to Microsoft.

Yes, no, and I did :)

"Character" <Char@cters.bold.italic> wrote in message
news:Uzwjj.6$tQ1.1@en-nntp-03.dc1.easynews.com...
> Zakko wrote:
> No, but I've accidentally created some otf fonts that, if double-clicked,
> for some inexplicable reason result in a BSOD (Blue Screen of Death)! No
> harm done, just very annoying.

I've created buggy fonts that did that on Windows NT,
but they failed safely on XP. As I was writing hint code
directly, I knew the exact reason, but I can't recall what
it was.

I have accidentally put what, at certain resolutions, was
an infinite loop into a TTF hint. Some renderers will just
go ahead and loop infinitely if you do that.