CVE-2015-2458
published 2015-08-15CVE-2015-2458: ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1…
PriorityP272critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
32.35%
98.1th percentile
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Kernel bugcheck 0xD6 (DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION) originating from ATMFD.DLL is a strong indicator of exploitation attempts against this CVE; monitor for such crash dumps. ↗
- →Faulting instruction pointer within ATMFD module at offset 0x2a902 performing an out-of-bounds byte read; kernel crash logs showing ATMFD+0x2a902 in the stack trace indicate active exploitation. ↗
- →Stack trace involving win32k!NtGdiGetTextExtentExW -> win32k!GreGetTextExtentExW -> ATMFD call chain is characteristic of this vulnerability being triggered via crafted OpenType font processing. ↗
- →Enabling Special Pools for ATMFD.DLL on test/canary systems will cause an immediate crash upon exploitation, aiding in reliable detection of malicious OTF font files targeting this vulnerability. ↗
- →Crafted OpenType (OTF) font files delivered to Windows systems trigger out-of-bounds reads in the ATMFD.DLL PostScript CharString interpreter; inspect OTF files for malformed CharString instruction streams. ↗
- ·The exact root cause of the out-of-bounds CharString stream read in ATMFD.DLL is unknown; the crash may not always be immediately observable on default Windows installations without Special Pools enabled. ↗
- ·The vulnerability reproduces on Windows 7; behaviour on other affected platforms (Vista SP2, Server 2008, Windows 8/8.1, Server 2012, RT, Windows 10) may differ in crash reliability. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jvrr-j3q9-qv8w: ATMFD
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-2458 [CRITICAL] CWE-20 GHSA-jvrr-j3q9-qv8w: ATMFD
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461.
GHSA
GHSA-w5xx-wqgc-vg9r: ATMFD
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-2461 [CRITICAL] CWE-20 GHSA-w5xx-wqgc-vg9r: ATMFD
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.
GHSA
GHSA-244f-jjf4-gvqg: ATMFD
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-2459 [CRITICAL] CWE-20 GHSA-244f-jjf4-gvqg: ATMFD
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461.
No detection rules found.
No writeups or analysis indexed.
http://www.securitytracker.com/id/1033238https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080https://www.exploit-db.com/exploits/37923/http://www.securitytracker.com/id/1033238https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080https://www.exploit-db.com/exploits/37923/
2015-08-15
Published