Vulnerability Name: CVE-2015-2461

Assigned: 2015-03-19
Published: 2015-08-14
Updated: 2017-09-20
Summary: ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-17
References:
Source: MS
Type: VENDOR_ADVISORY
http://technet.microsoft.com/security/bulletin/MS15-080

Source: BID
Type: UNKNOWN
76209

Source: SECTRACK
Type: UNKNOWN
1033238

Source: EXPLOIT-DB
Type: UNKNOWN
37917

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008::sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_7:-:sp1:~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_7:-:sp1:~~~~x86~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8:-::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8:-::~~~~x86~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt:-:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10:-::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10:-::~~~~x86~:*:*:*:*:*

  • Denotes that component is vulnerable
    microsoft windows_vista - sp2
    microsoft windows_server_2008 sp2
    microsoft windows_server_2008 r2 sp1
    microsoft windows_7 - sp1
    microsoft windows_7 - sp1
    microsoft windows_8 -
    microsoft windows_8 -
    microsoft windows_8.1 - -
    microsoft windows_8.1 - -
    microsoft windows_server_2012 - gold
    microsoft windows_server_2012 r2 -
    microsoft windows_server_2012 r2 -
    microsoft windows_server_2012 r2 -
    microsoft windows_rt -
    microsoft windows_rt - gold
    microsoft windows_rt_8.1 -
    microsoft windows_10 -
    microsoft windows_10 -