CVE-2015-2512
published 2015-09-09
Priority P338 · high · CVSS 2.0: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 3.79% (88.6th percentile)
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2507.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
GHSA
ghsa_unreviewed·2022-05-14·CVSS 7.2
CVE-2015-2507 [HIGH] GHSA-j652-9xhw-36p8: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512.
GHSA
ghsa_unreviewed·2022-05-14·CVSS 7.2
CVE-2015-2512 [HIGH] GHSA-h94g-mr37-jwxh: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2507.
No detection rules found.
Exploit-DB
Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)
exploitdb·2015-09-24
CVE-2015-2512 Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=474
---
The attached PoC triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliably on Win 7 32-bit with Special Pool enabled on win32k.sys.
---
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38307.zip
Exploit-DB
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)
exploitdb·2015-09-22
CVE-2015-2512 Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=415
---
Tested on Win 7 32-bit with Special Pool enabled.
Multiple pool buffer overflows can be triggered through the NtGdiStretchBlt system call. The attached PoC demonstrates a write overflow and another read overflow issue which is likely to be usable for memory leaks (enabled by uncommenting the first NtGdiStretchBlt call).
---
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38280.zip
http://www.securityfocus.com/bid/76589
http://www.securitytracker.com/id/1033485
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097
https://www.exploit-db.com/exploits/38280/
Published: 2015-09-09