7.8

CVE-2015-2387

Warnung
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8 Version-
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftWindows Vista Version- Updatesp2

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft ATM Font Driver Privilege Escalation Vulnerability

Schwachstelle

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 35.12% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.us-cert.gov/ncas/alerts/TA15-195A
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/75587
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1032908
Third Party Advisory
Broken Link
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-077
Patch
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2387
US Government Resource