SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Adobe Type Manager Font Driver Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1032908
SecurityTracker URL:  http://securitytracker.com/id/1032908
CVE Reference:   CVE-2015-2387   (Links to External Site)
Date:  Jul 15 2015
Impact:   Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows Adobe Type Manager Font Driver. A local user can obtain elevated privileges on the target system.

A local user can run a specially crafted application to exploit an object memory handling flaw in the Adobe Type Manager font driver (ATMFD) to execute arbitrary code on the target system with elevated privileges.

Google Project Zero and Morgan Maquis-Boire reported this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   The vendor has issued a fix.

Windows Server 2003 Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=742f6b42-c129-49d2-a1d2-cdead3adf1d2

Windows Server 2003 x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=2b8be95e-b2b5-49e8-8356-d486b126a1d4

Windows Server 2003 with SP2 for Itanium-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=a327422c-5a1c-4f33-a340-7139967f4aeb

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=56fb37c2-89f2-428f-99f6-7f93ca3b6466

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=c9d53542-c59a-4eb1-a07d-1deaf4e8ddd4

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=f8e85e7d-901f-487f-82af-66a6f370227b

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=ece6dfdf-a0e6-43d6-a251-3ac97ec01e1c

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=aa38cd25-e828-494b-bf9b-7444737630de

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=dce5e481-d161-4b0d-a84e-a199859be2c9

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=b0a49f6a-cfd1-4360-a1d3-485fcd1c03d7

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=2ea53897-d9cf-4265-9da3-2c6142ebf497

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=6955ec86-8382-4a53-b75f-68b59bf96725

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=0ec2b082-752b-4470-b988-56200d2c1561

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=ca256d0e-057b-4c4b-bf35-88d18a28ad44

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=ac718319-e2bf-491c-9af9-b17f9816f294

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=15c3ebf6-f4fc-45ad-9b6c-059bf2fcf4b5

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=6540a761-fd9f-49f1-a1e9-c50c7d73e242

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=9c6e30e9-b022-4d8e-9aa5-a702d9f76aa4

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=f8e85e7d-901f-487f-82af-66a6f370227b

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=ece6dfdf-a0e6-43d6-a251-3ac97ec01e1c

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=2ea53897-d9cf-4265-9da3-2c6142ebf497

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=6540a761-fd9f-49f1-a1e9-c50c7d73e242

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=9c6e30e9-b022-4d8e-9aa5-a702d9f76aa4

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-077

Vendor URL:  technet.microsoft.com/library/security/ms15-077 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC