Credit: Tavis Ormandy
Jumping from an iframe straight into the kernel! Tavis Ormandy discovered a memory corruption vulnerability in the win32k code that parses font files embedded on web pages. This vulnerability allows attackers to run arbitrary code in the kernel, bypassing any user-level security and sandboxing technologies.