| Vulnerability Name: | CVE-2015-2508 (CCN-106038) | ||||||||
| Assigned: | 2015-09-08 | ||||||||
| Published: | 2015-09-08 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability." | ||||||||
| CVSS v3 Severity: | 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-2508 Source: CCN Type: Microsoft Security Bulletin MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) Source: CCN Type: Microsoft Security Bulletin MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution (3105864) Source: CCN Type: Microsoft Security Bulletin MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-123 Security Update for Skype for Business and Lync to Address Information Disclosure (3105872) Source: CCN Type: Microsoft Security Bulletin MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) Source: CCN Type: Microsoft Security Bulletin MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution (3116162) Source: CCN Type: Microsoft Security Bulletin MS15-135 Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075) Source: CCN Type: Microsoft Security Bulletin MS16-004 Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-008 Security Update for Kernel to Address Elevation of Privilege (3124605) Source: CCN Type: Microsoft Security Bulletin MS16-014 Security update for Microsoft Windows to Address Remote Code Execution (3134228) Source: CCN Type: Microsoft Security Bulletin MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029 Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-031 Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) Source: CCN Type: Microsoft Security Bulletin MS16-035 Security Update for .NET Framework to Address Security Feature Bypass (3141780) Source: CCN Type: Microsoft Security Bulletin MS16-042 Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-044 Security Update for Windows OLE (3146706) Source: CCN Type: Microsoft Security Bulletin MS16-048 Security Update for CSRSS (3148528) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-060 Security Update for Windows Kernel (3154846) Source: CCN Type: Microsoft Security Bulletin MS16-061 Security Update for Microsoft RPC (3155520) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-092 Security Update for Windows Kernel (3171910) Source: CCN Type: Microsoft Security Bulletin MS16-097 Security Update for Microsoft Graphics Component (3177393) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-106 Security Update for Microsoft Graphics Component (3185848) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-111 Security Update for Windows Kernel (3186973) Source: CCN Type: Microsoft Security Bulletin MS16-120 Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-122 Security Update for Microsoft Video Control (3195360) Source: CCN Type: Microsoft Security Bulletin MS16-123 Security Update for Kernel-Mode Drivers (3192892) Source: CCN Type: Microsoft Security Bulletin MS16-124 Security Update for Windows Registry (3193227) Source: CCN Type: Microsoft Security Bulletin MS16-126 Security Update for Microsoft Internet Messaging API (3196067) Source: CCN Type: Microsoft Security Bulletin MS16-131 Security Update for Microsoft Video Control (3199151) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-139 Security Update for Windows Kernel (3199720) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS16-155 Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-006 Cumulative Security Update for Internet Explorer (4013073) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: BID Type: UNKNOWN 76592 Source: SECTRACK Type: UNKNOWN 1033485 Source: MS Type: UNKNOWN MS15-097 Source: XF Type: UNKNOWN ms-atm-cve20152508-priv-esc(106038) Source: CCN Type: Packet Storm Security [09-18-2015] Windows User Mode Font Driver Thread Permissions EoP Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [09-15-2015] Source: EXPLOIT-DB Type: UNKNOWN 38198 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||