ID CVE-2015-2461
Summary ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.
References
Vulnerable Configurations
  • Microsoft Windows 10 64-bit
    cpe:2.3:o:microsoft:windows_10:-:-:-:-:-:-:x64
  • Microsoft Windows 10 32-bit
    cpe:2.3:o:microsoft:windows_10:-:-:-:-:-:-:x86
  • Microsoft Windows 7 Service Pack 1 64-bit
    cpe:2.3:o:microsoft:windows_7:-:sp1:-:-:-:-:x64
  • Microsoft Windows 7 Service Pack 1 32-bit
    cpe:2.3:o:microsoft:windows_7:-:sp1:-:-:-:-:x86
  • Microsoft Windows 8 64-bit
    cpe:2.3:o:microsoft:windows_8:-:-:-:-:-:-:x64
  • Microsoft Windows 8 32-bit
    cpe:2.3:o:microsoft:windows_8:-:-:-:-:-:-:x86
  • Microsoft Windows 8.1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_8.1:-:-:-:-:-:-:x64
  • Microsoft Windows 8.1 x86 (32-bit)
    cpe:2.3:o:microsoft:windows_8.1:-:-:-:-:-:-:x86
  • Microsoft Windows RT
    cpe:2.3:o:microsoft:windows_rt
  • Microsoft Windows RT Gold
    cpe:2.3:o:microsoft:windows_rt:-:gold
  • Microsoft Windows RT 8.1
    cpe:2.3:o:microsoft:windows_rt_8.1
  • Microsoft Windows Server 2008 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  • Microsoft Windows Server 2008 R2 Service Pack 1
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1
  • Microsoft Windows Server 2012 Gold
    cpe:2.3:o:microsoft:windows_server_2012:-:gold
  • Microsoft Windows Server 2012 R2 DataCenter Edition
    cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:-:datacenter
  • Microsoft Windows Server 2012 R2 Essentials Edition
    cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:-:essentials
  • Microsoft Windows Server 2012 R2 Standard Edition
    cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:-:standard
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
CVSS
Base: 9.3 (as of 17-08-2015 - 12:02)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
exploit-db via4
description Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table. CVE-2015-2461. DoS exploit for Windows platform
file exploits/windows/dos/37917.txt
id EDB-ID:37917
last seen 2016-02-04
modified 2015-08-21
platform windows
port
published 2015-08-21
reporter Google Security Research
source https://www.exploit-db.com/download/37917/
title Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table
type dos
msbulletin via4
bulletin_id MS15-080
bulletin_url
date 2015-08-11T00:00:00
impact Remote Code Execution
knowledgebase_id 3078662
knowledgebase_url
severity Critical
title Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS15-080.NASL
description The remote Windows host is affected by multiple vulnerabilities:
  - Multiple remote code execution vulnerabilities exist due to the Windows Adobe Type Manager Library not properly handling specially crafted OpenType fonts. An attacker can exploit these, by using a crafted document or web page with embedded OpenType fonts, to execute arbitrary code in the context of the current user. (CVE-2015-2432, CVE-2015-2458, CVE-2015-2459, CVE-2015-2460, CVE-2015-2461, CVE-2015-2462)
  - Multiple remote code execution vulnerabilities exist in various components of Windows, .NET Framework, Office, Lync, and Silverlight due to a failure to properly handle TrueType fonts. An attacker can exploit these, by using a crafted document or web page with embedded TrueType fonts, to execute arbitrary code in the context of the current user. (CVE-2015-2435, CVE-2015-2455, CVE-2015-2456, CVE-2015-2463, CVE-2015-2464)
  - A remote code execution vulnerability exists due to Microsoft Office not properly handling Office Graphics Library (OGL) fonts. An attacker can exploit this, by using a crafted document or web page with embedded OGL fonts, to execute arbitrary code in the context of the user. (CVE-2015-2431)
  - A security feature bypass vulnerability exists due to a failure by the Windows kernel to properly initialize a memory address. An attacker, using a specially crafted application, can exploit this issue to bypass Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the kernel driver. (CVE-2015-2433)
  - An elevation of privilege vulnerability exists due to a flaw in the Windows Client/Server Run-time Subsystem (CSRSS) when terminating a process when a user logs off. An attacker can exploit this vulnerability to run code that monitors the actions of users who log on to the system, allowing the disclosure of sensitive information which could be used to elevate privileges or execute code. (CVE-2015-2453)
  - A security feature bypass vulnerability exists due to the Windows kernel-mode driver not properly validating and enforcing impersonation levels. An attacker can exploit this to gain elevated privileges on a targeted system. (CVE-2015-2454)
  - A security feature bypass vulnerability exists due to the Windows shell not properly validating and enforcing impersonation levels. An attacker can exploit this to bypass impersonation-level security and gain elevated privileges on a targeted system. (CVE-2015-2465)
last seen 2019-02-21
modified 2018-07-30
plugin id 85348
published 2015-08-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=85348
title MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
refmap via4
bid 76209
ms MS15-080
sectrack 1033238
Last major update 28-11-2016 - 14:20
Published 14-08-2015 - 20:59
Last modified 12-10-2018 - 18:09