The 2015 Pwnie Nominee For Best Privilege Escalation Bug

Wild TTF Overflow

Credit: @promised_lu and @zer0mem

This win32k bug, still unpatched, resides in the TrueType Font code shipped with Windows 8.1. Details of the exploitation technique and a highly abstracted description of the bug were presented at REcon this year, and the exploit was used to win at Pwn2Own 2015.
