DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 978909 - Last Review: July 1, 2010 - Revision: 2.0

SYMPTOMS

After you install security update 961371 (described in security bulletin MS09-029), you may experience any of the following problems:
  • Web pages that use fonts that have a very long string in the name table display with a default font.
  • Documents that use these fonts display with a default font when you print them by using a print spooler.
  • Attempts to embed the fonts as subsets in Microsoft Word documents or in Microsoft PowerPoint presentations fail.

CAUSE

This problem occurs because of a regression in the Windows font embedding component that was introduced by security update 961371. The regression imposes an artificial 2,500 character length limitation on strings that are contained in OpenType or TrueType fonts.

RESOLUTION

To resolve this problem, install security update 972270. After you install update 972270, the character length limitation on strings that are contained in OpenType or TrueType fonts is restored to 64 KB (32,768 Unicode characters). For more information, click the following article number to view the article in the Microsoft Knowledge Base:
972270  (http://support.microsoft.com/kb/972270/ ) Vulnerability in the Embedded OpenType Font Engine could allow remote code execution

MORE INFORMATION

TrueType and OpenType fonts contain strings in the "name" table. For more information, visit the following Microsoft Web page:
http://www.microsoft.com/typography/otspec/name.htm (http://www.microsoft.com/typography/otspec/name.htm)
The TrueType and OpenType specifications allow for the length of any individual string to be up to 64 KB. For strings that are used in Microsoft Windows-based operating systems that are Unicode encoded, this corresponds to a limit of 32 KB characters.

Security update 961371 introduces a change that applies a limit of 5,000 bytes (2,500 characters) on strings in the name table of a font. There are existing fonts that contain strings that exceed that limit. For example, some fonts include the vendor's complete license agreement as a string in the name table of the font.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use (http://go.microsoft.com/fwlink/?LinkId=151500) for other considerations.

APPLIES TO
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 Datacenter without Hyper-V
    • Windows Server 2008 Enterprise without Hyper-V
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Standard without Hyper-V
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Windows Vista Service Pack 1, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Service Pack 4, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
  • Microsoft Security Essentials
Keywords: 
kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB978909
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support