Once again, we have an old, this time deprecated, service exposing a significant vulnerability. This is a common pattern – a bit over a year ago, the Google Zero project found a group of vulnerabilities associated with windows font handling.
Read full news article on Dzone