CVE-2016-0121
Published 2016-03-09
Priority: P2 · 73 · high
CVSS 3.0: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 41.24% (98.5th percentile)
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via a crafted OpenType font file with mutations in the 'CFF ' table, processed by ATMFD.DLL in the Windows kernel. Monitor for kernel crashes (BUGCHECK 0xD6 / DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION) referencing ATMFD.DLL in the stack trace.
- The offending mutations reside in the 'CFF ' table of the OTF font file. Inspect OTF/CFF font files submitted to Windows systems for malformed CFF table structures as a delivery vector.
- The crash manifests as a pool-based buffer overflow write (write operation, Arg2=1) at ATMFD+0x33e40. A kernel write outside a dynamically allocated buffer is the observable crash signature. Enable Special Pools for ATMFD.DLL to reliably trigger and detect the condition.
- The crash can also occur on a default Windows installation (without Special Pools) but may manifest in ATMFD.DLL or another kernel location due to corrupted pool state, making attribution less straightforward without Special Pools enabled.
- Reproduction was confirmed on Windows 7 and 8.1 only; other affected platforms listed in the advisory (Vista SP2, Server 2008, Windows 10, etc.) were not tested by the researcher.
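A triage sketch for the font-inspection note above, added here as an example and not taken from the advisory or the researcher's report. The page does not say which CFF fields were mutated, so this only applies generic structural checks (table bounds, CFF header, Name INDEX offsets) and is not a signature for this CVE; the function names and both sample fonts are constructed for illustration.

```python
import struct

def find_table(font: bytes, tag: bytes):
    """Return (offset, length) of an sfnt table, or None if it is absent."""
    if len(font) < 12:
        raise ValueError("truncated sfnt header")
    num_tables = struct.unpack_from(">H", font, 4)[0]
    if 12 + 16 * num_tables > len(font):
        raise ValueError("table directory runs past end of file")
    for i in range(num_tables):
        t, _csum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if t == tag:
            return off, length
    return None

def check_cff(font: bytes) -> list:
    """Structural findings for the 'CFF ' table: header and Name INDEX only."""
    try:
        loc = find_table(font, b"CFF ")
    except ValueError as exc:
        return [str(exc)]
    if loc is None:
        return ["no 'CFF ' table"]
    off, length = loc
    if length < 6 or off + length > len(font):
        return ["'CFF ' table too short or extends past end of file"]
    cff, out = font[off:off + length], []
    major, _minor, hdr_size, off_size = cff[:4]
    if major != 1 or not 1 <= off_size <= 4:
        out.append(f"unexpected CFF header: major={major} offSize={off_size}")
    if hdr_size < 4 or hdr_size + 3 > len(cff):
        return out + [f"hdrSize {hdr_size} leaves no room for the Name INDEX"]
    count, isz = struct.unpack_from(">HB", cff, hdr_size)
    arr = hdr_size + 3                # offset array; entries are 1-based
    data = arr + (count + 1) * isz    # first byte of INDEX object data
    if count == 0 or not 1 <= isz <= 4 or data > len(cff):
        return out + ["Name INDEX empty, bad offSize, or offset array out of bounds"]
    offs = [int.from_bytes(cff[arr + i * isz:arr + (i + 1) * isz], "big")
            for i in range(count + 1)]
    if offs[0] != 1 or offs != sorted(offs) or data + offs[-1] - 1 > len(cff):
        out.append("Name INDEX offsets not ascending from 1 or past table end")
    return out

def build_otf(cff: bytes) -> bytes:
    """Constructed one-table OTF wrapper (checksum zeroed), for the samples."""
    return (b"OTTO" + struct.pack(">HHHH", 1, 16, 0, 0)
            + struct.pack(">4sIII", b"CFF ", 0, 28, len(cff)) + cff)

GOOD = build_otf(bytes([1, 0, 4, 1, 0, 1, 1, 1, 5]) + b"Test")   # constructed
BAD = build_otf(bytes([1, 0, 4, 1, 0, 1, 1, 1, 200]) + b"Test")  # constructed
```

An empty list from `check_cff` means only that these few fields are self-consistent; a font that passes can still be malformed deeper in the table.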
CVSS provenance
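| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |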
No detection rules found.
Talos
Microsoft Patch Tuesday - March 2016
blogs_talos·2016-03-08·CVSS 6.5
[MEDIUM] Microsoft Patch Tuesday - March 2016
## Microsoft Patch Tuesday - March 2016
Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, Windows Media Player, and Windows PDF. The remaining eight bulletins are rated important and address vulnerabilities in .NET, Office, and several other Windows components.
## Bulletins Rated Critical
Microsoft bulletins MS16-023, MS16-024, MS16-026 through MS16-028, and MS16-036 are rated as critical in this month's release.
MS16-023 and MS16-024 are this month's Internet Explorer and Edge security bulletin respectively. In total, 24 v
- http://www.securityfocus.com/bid/84027
- http://www.securitytracker.com/id/1035198
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026
- https://www.exploit-db.com/exploits/39560/
Published: 2016-03-09