Skip to main content

Microsoft CVE-2015-2387

HIGH
Out-of-bounds Write (CWE-787)
2015-07-14 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 21, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Mar 26, 2026 - 11:18 vuln.today
Added to CISA KEV
Oct 22, 2025 - 00:15 cisa
CISA KEV
Patch released
Oct 22, 2025 - 00:15 nvd
Patch available
CVE Published
Jul 14, 2015 - 22:59 nvd
HIGH 7.8

DescriptionCVE.org

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

AnalysisAI

The Adobe Type Manager Font Driver (ATMFD.DLL) in Windows contains a memory corruption vulnerability that allows local privilege escalation, exploited by the Duqu 2.0 malware in targeted attacks against diplomatic entities.

Technical ContextAI

The CWE-787 out-of-bounds write in ATMFD.DLL (the kernel-mode Adobe Type Manager Font Driver) is triggered by processing crafted font data. Since ATMFD runs in kernel mode, exploitation grants SYSTEM-level privileges from any user context.

RemediationAI

Apply Microsoft security update MS15-077. Windows 10 moved ATMFD to user mode, significantly reducing the impact of font parsing vulnerabilities. Migrate to Windows 10+.

More in Adobe

View all
CVE-2015-5119 CRITICAL POC
9.8 Jul 08

Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitr

CVE-2016-4117 CRITICAL POC
9.8 May 11

Remote code execution in Adobe Flash Player 21.0.0.226 and earlier allows unauthenticated network attackers to execute a

CVE-2015-3113 CRITICAL POC
9.8 Jun 23

Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in J

CVE-2011-2462 CRITICAL POC
9.8 Dec 07

Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote

CVE-2011-0611 HIGH POC
8.8 Apr 13

Adobe Flash Player contains a type confusion vulnerability in object handling that allows remote attackers to execute ar

CVE-2009-0927 HIGH POC
8.8 Mar 19

Adobe Reader and Acrobat 9.x, 8.x, and 7.x contain a stack-based buffer overflow in the getIcon method of the Collab obj

CVE-2009-4324 HIGH POC
7.8 Dec 15

Adobe Reader and Acrobat contain a use-after-free vulnerability in the Doc.media.newPlayer JavaScript method that was ac

CVE-2011-0609 HIGH POC
7.8 Mar 15

Adobe Flash Player 10.2 and earlier across all platforms contain an unspecified vulnerability allowing remote code execu

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2025-54236 CRITICAL POC
9.1 Sep 09

Session hijacking in Adobe Commerce (Magento) 2.4.x through 2.4.9-alpha2 allows remote unauthenticated attackers to take

CVE-2015-8651 HIGH
8.8 Dec 28

Remote code execution in Adobe Flash Player allows network attackers to execute arbitrary code via integer overflow expl

CVE-2025-54253 CRITICAL POC
10.0 Aug 05

Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated r

Share

CVE-2015-2387 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy