Microsoft
CVE-2015-2387
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."
Analysis (AI)
The Adobe Type Manager Font Driver (ATMFD.DLL) in Windows contains a memory corruption vulnerability that allows local privilege escalation, exploited by the Duqu 2.0 malware in targeted attacks against diplomatic entities.
Technical Context (AI)
The CWE-787 out-of-bounds write in ATMFD.DLL (the kernel-mode Adobe Type Manager Font Driver) is triggered by processing crafted font data. Since ATMFD runs in kernel mode, exploitation grants SYSTEM-level privileges from any user context.
Remediation (AI)
Apply Microsoft security update MS15-077. Windows 10 moved ATMFD to user mode, significantly reducing the impact of font parsing vulnerabilities. Migrate to Windows 10+.