The 2015 Pwnie Winner For Best Client-Side Bug

Will it BLEND? (CVE-2015-0093, CVE-2015-3052)

Credit: Mateusz ‘j00ru’ Jurczyk

The “BLEND” opcode font bug was in a shared code base used by both the Adobe Reader font renderer and the Microsoft Windows kernel (32-bit) font renderer. It made it possible both to get code execution in Adobe Reader using a font embedded in a PDF file, and then to escape the sandbox and gain SYSTEM rights by exploiting the exact same bug in the shared code base in the Windows kernel (the ATMFD.DLL driver, part of Windows GDI).

