Microsoft Windows Adobe Font Driver Remote Code Execution Vulnerabilities

Last Update Date: 12 Mar 2015
Release Date: 11 Mar 2015

RISK: High Risk

TYPE: Operating Systems - Windows OS

  1. Adobe Font Driver Denial of Service Vulnerability
    A denial of service vulnerability exists in how the Adobe Font Driver manages memory when parsing fonts. A user who visited a specially crafted website or opened a specially crafted file could be affected by this vulnerability. The update addresses this vulnerability by correcting how the font parser allocates memory.
  2. Multiple Adobe Font Driver Information Disclosure Vulnerabilities
    Information disclosure vulnerabilities exist in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. These vulnerabilities are caused when the Adobe Font Driver tries to read or display certain fonts. An attacker could use the vulnerabilities to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerabilities by themselves do not allow arbitrary code execution. However, an attacker could use these vulnerabilities in conjunction with another vulnerability to bypass security features such as Kernel Address Space Layout Randomization (KASLR). The update addresses the vulnerabilities by correcting how objects in memory are handled.
  3. Multiple Adobe Font Driver Remote Code Execution Vulnerabilities
    Vulnerabilities exist in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. The vulnerabilities are caused when the Adobe Font Driver improperly overwrites objects in memory. The vulnerabilities could allow an attacker to run code in kernel-mode and then install programs; view, change, or delete data; or create new accounts with full administrative rights. The update addresses these vulnerabilities by correcting how the Adobe Font Driver handles objects in memory.

 


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT and Windows RT 8.1

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link