Project Zero Shares PoC Exploit For Critical RCE Graphics Bug

Google's oday bug-hunting team Project Zero has shared a proof-of-concept (PoC) exploit code for a critical RCE (Remote Code Execution) Windows graphics bug. The vulnerability is tracked as CVE-2021-24093 and is located in a high-quality text rendering Windows API named Microsoft DirectWrite. DirectWrite is used as the default font rasterizer by most major web browsers for rendering web font glyphs. The security flaw can be leveraged to force a memory corruption state that allows to remotely execute arbitrary code on the targets' systems. Read more...