Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2015-2506 CVE-2015-2507 CVE-2015-2508 CVE-2015-2510 CVE-2015-2511 CVE-2015-2512 CVE-2015-2517 CVE-2015-2518 CVE-2015-2527 CVE-2015-2529 CVE-2015-2546 |
| CWE-ID | CWE-20 CWE-119 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Vulnerability #11 is being exploited in the wild. |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system Microsoft Office Client/Desktop applications / Office applications Microsoft Lync Client/Desktop applications / Messaging software Skype for Business Client/Desktop applications / Messaging software |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU5567
Risk: Medium
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2506
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper handling of OpenType Fonts (OTF) Adobe Type Manager Library. A local attacker can execute a specially crafted program and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU5568
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2507
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in Adobe Type Manager Library. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Memory corruption
EUVDB-ID: #VU5569
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2508
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in Adobe Type Manager Library. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsWindows: 10
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Buffer overflow
EUVDB-ID: #VU5570
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2510
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when handling of OpenType fonts (OTF) in Adobe Type Manager Library. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsWindows: Vista
Windows Server: 2008
Microsoft Office: 2007 - 2010
Microsoft Lync: 2010 - 2013
Skype for Business: 2016
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Memory corruption
EUVDB-ID: #VU5571
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2511
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in ATMFD.dll in Win32k.sys. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Memory corruption
EUVDB-ID: #VU5572
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2512
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in ATMFD.dll in Win32k.sys. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Memory corruption
EUVDB-ID: #VU5573
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2517
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in ATMFD.dll in Win32k.sys. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Memory corruption
EUVDB-ID: #VU5574
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2518
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in ATMFD.dll in Win32k.sys. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Memory corruption
EUVDB-ID: #VU5575
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-2527
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper validation and enforcement of integrity levels by Win32k.sys. A local attacker can execute a specially crafted program and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsWindows: 8 - RT
Windows Server: 2012 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Security bypass
EUVDB-ID: #VU5576
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-2529
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to improper initialization of a memory address in the Windows kernel. A local attacker can execute a specially crafted program, bypass Kernel Address Space Layout Randomization (KASLR) and obtain the base address of the kernel driver.
Successful exploitation of the vulnerability may result in information disclosure on the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsWindows: 8.1 - 10
Windows Server: 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory corruption
EUVDB-ID: #VU5577
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2015-2546
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in ATMFD.dll in Win32k.sys. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Note: the vulnerability was being actively exploited.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
External linkshttp://technet.microsoft.com/en-us/library/security/ms15-097
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
