Vulnerability Details : CVE-2015-2426
Public exploit exists!
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."
Vulnerability category: OverflowExecute code
CVE-2015-2426 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
Added on
2022-03-28
Action due date
2022-04-18
Exploit prediction scoring system (EPSS) score for CVE-2015-2426
Probability of exploitation activity in the next 30 days: 97.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2015-2426
-
MS15-078 Microsoft Windows Font Driver Buffer Overflow
Disclosure Date: 2015-07-11First seen: 2020-04-26exploit/windows/local/ms15_078_atmfd_bofThis module exploits a pool based buffer overflow in the atmfd.dll driver when parsing a malformed font. The vulnerability was exploited by the hacking team and disclosed in the July data leak. This module has been tested successfully on vulnerable builds of
CVSS scores for CVE-2015-2426
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2015-2426
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2426
-
http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/
A Look at the OpenType Font Manager Vulnerability from the Hacking Team Leak - TrendLabs Security Intelligence BlogExploit;Third Party Advisory
-
http://www.securitytracker.com/id/1032991
Windows Adobe Type Manager Library OpenFont File Processing Flaw Lets Remote Users Execute Arbitrary C ode - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/103336
VU#103336 - Windows Adobe Type Manager privilege escalation vulnerabilityThird Party Advisory;US Government Resource
-
https://www.exploit-db.com/exploits/38222/
Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit)Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/75951
Microsoft Windows OpenType Font Driver CVE-2015-2426 Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-078
Microsoft Security Bulletin MS15-078 - Critical | Microsoft DocsPatch;Vendor Advisory
Products affected by CVE-2015-2426
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*