How to fix CVE-2015-2387?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Is Windows affected by CVE-2015-2387?

CVE-2015-2387 presents notable security risk, a out-of-bounds write vulnerability rated CVSS 7.8. Exploitation could allow attackers to corrupt memory, crash the application, or potentially execute arbitrary code.

CVE-2015-2387

HIGH

2015-07-14 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

Added to CISA KEV

Oct 22, 2025 - 00:15 cisa

CISA KEV

Patch Released

Oct 22, 2025 - 00:15 nvd

Patch available

CVE Published

Jul 14, 2015 - 22:59 nvd

HIGH 7.8

Description

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

Analysis

The Adobe Type Manager Font Driver (ATMFD.DLL) in Windows contains a memory corruption vulnerability that allows local privilege escalation, exploited by the Duqu 2.0 malware in targeted attacks against diplomatic entities.

Technical Context

The CWE-787 out-of-bounds write in ATMFD.DLL (the kernel-mode Adobe Type Manager Font Driver) is triggered by processing crafted font data. Since ATMFD runs in kernel mode, exploitation grants SYSTEM-level privileges from any user context.

Affected Products

['Microsoft Windows Server 2003 SP2', 'Microsoft Windows Vista SP2', 'Microsoft Windows 7 SP1', 'Microsoft Windows 8/8.1', 'Microsoft Windows Server 2008/2012/R2', 'Microsoft Windows RT/RT 8.1']

Remediation

Apply Microsoft security update MS15-077. Windows 10 moved ATMFD to user mode, significantly reducing the impact of font parsing vulnerabilities. Migrate to Windows 10+.

Priority Score

130

Low Medium High Critical

KEV: +50

EPSS: +31.2

CVSS: +39

POC: 0

CVE-2015-2387 vulnerability details – vuln.today

Back

CVE-2015-2387

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2015-2387

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code