Microsoft Windows Graphic Fonts Remote Code Execution Vulnerabilities
Last Update Date:
10 Mar 2016
Release Date:
9 Mar 2016
3178
Views
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
- OpenType Font Parsing Vulnerability
A denial of service vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could cause a denial of service condition. For systems running Windows 10, an attacker who successfully exploited the vulnerability could potentially cause the application to stop responding instead of the system. - OpenType Font Parsing Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Windows 7
- Microsoft Windows Server 2008 R2
- Microsoft Windows 8.1
- Microsoft Windows Server 2012 and Windows Server 2012 R2
- Microsoft Windows RT 8.1
- Microsoft Windows 10
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS16-026
Vulnerability Identifier
Source
Related Link
Share with