CVE-2015-2387
Published: 14 July 2015
Summary
CVE-2015-2387 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 3.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
ATMFD.DLL in the Adobe Type Manager Font Driver is affected by a memory corruption vulnerability that permits local privilege escalation. The flaw impacts multiple Windows releases including Server 2003 SP2, Vista SP2, Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 and 8.1, Server 2012 Gold and R2, and Windows RT Gold and 8.1. It is tracked as CWE-787 and carries a CVSS 3.1 base score of 7.8 under an AV:L/AC:L/PR:L/UI:N vector.
A local attacker with the ability to run a crafted application on an affected system can trigger the corruption to obtain elevated privileges, resulting in full control over confidentiality, integrity, and availability of the host. No remote attack vector or user-interaction requirement is described.
Microsoft security bulletin MS15-077 and the accompanying US-CERT alert TA15-195A address the issue and point to available updates for the listed platforms. No information on observed in-the-wild exploitation is supplied in the source data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-2480
Vulnerability details
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the vendor patches (MS15-077) that eliminate the ATMFD.DLL memory-corruption flaw before local exploitation can succeed.
Mandates memory-protection mechanisms that block the out-of-bounds write (CWE-787) in ATMFD.DLL from corrupting kernel structures and achieving privilege escalation.
Enforces least-privilege execution so that even a successful local memory-corruption trigger in ATMFD.DLL yields only the minimal rights already assigned to the calling process.