CVE-2016-0120
Published 2016-03-09
Priority P3 · 54 · medium · 6.5 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 39.05% (98.4th percentile)
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
Detection & IOCs (extracted from sources)
- Monitor for stack buffer overrun bugcheck 0xF7 (DRIVER_OVERRAN_STACK_BUFFER) originating from ATMFD.DLL, indicating exploitation of the OTF font parsing vulnerability.
- Look for stack corruption events in ATMFD.DLL at offsets +0x15720, +0x357f6, and +0x35b0e on 32-bit Windows 7/8.1 systems as indicators of active exploitation.
- Alert on unexpected kernel crashes in csrss.exe context involving ATMFD.DLL, as the font is processed in the kernel via the OpenType driver.
- The stack cookie mismatch values (Expected 98ee9e09, found a6703535) are specific to the crash environment and will vary across systems and ATMFD.DLL builds; do not use them as universal detection signatures.
- Reproduction was confirmed only on Windows 7 and 8.1 (32-bit); other platforms were not tested by the researcher, so detection coverage on other affected OS versions (Vista, Server 2008, Windows 10, etc.) is unverified.
- The specific root cause within ATMFD.DLL was not fully determined by the researcher; detections based on stack offsets may not generalize across all patched/unpatched ATMFD.DLL versions.
CVSS provenance
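| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |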
No detection rules found.
Talos
Microsoft Patch Tuesday - March 2016
blogs_talos·2016-03-08·CVSS 6.5
[MEDIUM] Microsoft Patch Tuesday - March 2016
Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, Windows Media Player, and Windows PDF. The remaining eight bulletins are rated important and address vulnerabilities in .NET, Office, and several other Windows components.
### Bulletins Rated Critical
Microsoft bulletins MS16-023, MS16-024, MS16-026 through MS16-028, and MS16-036 are rated as critical in this month's release.
MS16-023 and MS16-024 are this month's Internet Explorer and Edge security bulletins, respectively. In total, 24 v
Bugzilla
CVE-2016-2378 pidgin: MXIT get_utf8_string Code Execution Vulnerability
bugzilla·2016-06-22·CVSS 8.1
CVE-2016-2378 [HIGH] CVE-2016-2378 pidgin: MXIT get_utf8_string Code Execution Vulnerability
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.
External references:
http://www.talosintel.com/reports/TALOS-2016-0120/
http://www.pidgin.im/news/security/?id=94
Upstream fix:
https://bitbucket.org/pidgin/main/commits/06278419c703
http://www.securityfocus.com/bid/84071
http://www.securitytracker.com/id/1035198
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026
https://www.exploit-db.com/exploits/39561/
2016-03-09
Published