Font embedding has been an important feature of Microsoft applications such as Word and PowerPoint. Web designers also use embedded fonts to guarantee that the text on a page will look the same in every browser.

But recently, hackers are explointing text fonts embedded in Web pages to break into Windows systems. They create a corrupted font on a Web site and wait for unsuspecting visitors.

When you view the affected font in Internet Explorer--or in any application that uses Windows to show the fonts in question--the doctored text triggers a buffer overflow, disabling your PC's security and allowing the thug to then take control of your computer.

Reading or even just previewing an affected HTML e-mail message in Outlook or Outlook Express can launch the attack too.

Download Security Update for Windows XP (KB908519)

Source: Vulnerability in Embedded Web Fonts | PCWorld