After you install security update 961371 (described in security bulletin MS09-029), you may experience any of the following problems:
- Web pages that use fonts that have a very long string in the name table display with a default font.
- Documents that use these fonts display with a default font when you print them by using a print spooler.
- Attempts to embed the fonts as subsets in Microsoft Word documents or in Microsoft PowerPoint presentations fail.
This problem occurs because of a regression in the Windows font embedding component that was introduced by security update 961371. The regression imposes an artificial 2,500 character length limitation on strings that are contained in OpenType or TrueType fonts.
To resolve this problem, install security update 972270. After you install update 972270, the character length limitation on strings that are contained in OpenType or TrueType fonts is restored to 64 KB (32,768 Unicode characters).
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Vulnerability in the Embedded OpenType Font Engine could allow remote code execution
TrueType and OpenType fonts contain strings in the "name" table. For more information, visit the following Microsoft Web page:
The TrueType and OpenType specifications allow for the length of any individual string to be up to 64 KB. For strings that are used in Microsoft Windows-based operating systems that are Unicode encoded, this corresponds to a limit of 32 KB characters.
Security update 961371 introduces a change that applies a limit of 5,000 bytes (2,500 characters) on strings in the name table of a font. There are existing fonts that contain strings that exceed that limit. For example, some fonts include the vendor's complete license agreement as a string in the name table of the font.
for other considerations.