CVE-2015-2507
published 2015-09-09CVE-2015-2507: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012…
PriorityP337high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
3.64%
88.1th percentile
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j652-9xhw-36p8: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 7.2
CVE-2015-2507 [HIGH] GHSA-j652-9xhw-36p8: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512.
GHSA
GHSA-h94g-mr37-jwxh: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 7.2
CVE-2015-2512 [HIGH] GHSA-h94g-mr37-jwxh: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2507.
No detection rules found.
Zscaler
Zscaler detects IE & MS Office Vulnerabilities | 09-09-2015
blogs_zscaler·CVSS 5.0
[MEDIUM] Zscaler detects IE & MS Office Vulnerabilities | 09-09-2015
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Bugzilla
CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)
bugzilla·2015-10-21·CVSS 5.8
CVE-2015-4871 [MEDIUM] CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)
CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)
Oracle Java SE 7u91 fixes an unspecified vulnerability in the Libraries component (CVE-2015-4871). Upstream has CVSSv2 scored this issue as: 5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:1927 https://rhn.redhat.com/errata/RHSA-2015-1927.html
---
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2015:2507 https://r
http://www.securityfocus.com/bid/76591http://www.securitytracker.com/id/1033485https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097https://www.exploit-db.com/exploits/38279/http://www.securityfocus.com/bid/76591http://www.securitytracker.com/id/1033485https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097https://www.exploit-db.com/exploits/38279/
2015-09-09
Published