A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys). The vulnerability is caused when Windows kernel-mode driver improperly handles TrueType fonts. A remote attacker can exploit this issue by enticing a user to open a specially crafted TTF file.