SecurityTracker.com
Category:   OS (Microsoft)  >   Microsoft GDI+
Vendors:   Microsoft
Microsoft Graphics Component Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1033485
SecurityTracker URL:  http://securitytracker.com/id/1033485
CVE Reference:   CVE-2015-2506, CVE-2015-2507, CVE-2015-2508, CVE-2015-2510, CVE-2015-2511, CVE-2015-2512, CVE-2015-2517, CVE-2015-2518, CVE-2015-2527, CVE-2015-2529, CVE-2015-2546
Date:  Sep 8 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1, 10; and prior service packs
Description:   Multiple vulnerabilities were reported in Microsoft Graphics Components. A remote user can cause arbitrary code to be executed on the target user's system. A local user can gain system privileges on the target system. A remote user can bypass security controls on the target system. A remote user can cause denial of service conditions.

A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A local user can exploit an object handling flaw in the Windows Adobe Type Manager Library to obtain system level privileges on the target system [CVE-2015-2507, CVE-2015-2508, CVE-2015-2512].

A remote user can create a specially crafted OpenType font that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system [CVE-2015-2510].

A remote user can create a specially crafted OpenType font that, when loaded by the target user, will trigger a processing flaw in the Windows Adobe Type Manager Library and cause the target system to crash [CVE-2015-2506].

A local user can run a specially crafted application to trigger a flaw in the Windows kernel-mode driver (Win32k.sys) and execute arbitrary code with kernel-level privileges [CVE-2015-2511, CVE-2015-2517, CVE-2015-2518, CVE-2015-2546].

A local user can run a specially crafted application to trigger a flaw in the validation of integrity levels in the Windows kernel-mode driver (Win32k.sys) and execute arbitrary code with kernel-level privileges [CVE-2015-2527].

A local user that can exploit a separate vulnerability can determine the base address of a kernel driver to bypass the Address Space Layout Randomization (ASLR) protections [CVE-2015-2529].

Piotr Bania and Andrea Allievi of Cisco Talos, Nils Sommer of bytegeist (via Google Project Zero), Steven Vittitoe of Google Project Zero, Chris Evans of Google Project Zero, Kai Lu of Fortinet's FortiGuard Labs, James Forshaw of Google Project Zero, Matt Tait of Google Project Zero, and Wang Yu of FireEye, Inc. reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain kernel-level privileges on the target system.

A remote user can bypass Address Space Layout Randomization security controls on the target system.

A remote user can cause the target system to crash.

Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor's advisory.

The vendor's advisory is available at:

https://technet.microsoft.com/library/security/ms15-097

Vendor URL:  technet.microsoft.com/library/security/ms15-097
Cause:   Access control error, Boundary error

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC