Microsoft Windows Adobe Font Driver Remote Code Execution Vulnerabilities

Last Update Date: 12 Mar 2015 Release Date: 11 Mar 2015 3113 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

Adobe Font Driver Denial of Service Vulnerability
A denial of service vulnerability exists in how the Adobe Font Driver manages memory when parsing fonts. A user who visited a specially crafted website or opened a specially crafted file could be affected by this vulnerability. The update addresses this vulnerability by correcting how the font parser allocates memory.
Multiple Adobe Font Driver Information Disclosure Vulnerabilities
Information disclosure vulnerabilities exist in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. These vulnerabilities are caused when the Adobe Font Driver tries to read or display certain fonts. An attacker could use the vulnerabilities to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerabilities by themselves do not allow arbitrary code execution. However, an attacker could use these vulnerabilities in conjunction with another vulnerability to bypass security features such as Kernel Address Space Layout Randomization (KASLR). The update addresses the vulnerabilities by correcting how objects in memory are handled.
Multiple Adobe Font Driver Remote Code Execution Vulnerabilities
Vulnerabilities exist in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. The vulnerabilities are caused when the Adobe Font Driver improperly overwrites objects in memory. The vulnerabilities could allow an attacker to run code in kernel-mode and then install programs; view, change, or delete data; or create new accounts with full administrative rights. The update addresses these vulnerabilities by correcting how the Adobe Font Driver handles objects in memory.