CVSS: 9.3EPSS: 53%CPEs: 12EXPL: 2CVE-2015-2458 – Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads (MS15-021)
https://notcve.org/view.php?id=CVE-2015-2458
15 Aug 2015 — Vulnerabilidad en ATMFD.DLL en Windows Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10, permite a atacantes remotos ejecutar código arbitrario a través de fuente OpenType manipulada, también conocida como 'OpenType Font Parsing Vulnerability', una vulnerabilidad diferente a CVE-2015-2459 y CVE-2015... • https://packetstorm.news/files/id/133193 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 53%CPEs: 12EXPL: 2CVE-2015-2459 – Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access
https://notcve.org/view.php?id=CVE-2015-2459
15 Aug 2015 — Vulnerabilidad en ATMFD.DLL en Windows Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10, permite a atacantes remotos ejecutar código arbitrario a través de fuente OpenType manipulada, también conocida como 'OpenType Font Parsing Vulnerability', una vulnerabilidad diferente a CVE-2015-2458 y CVE-2015... • https://packetstorm.news/files/id/133194 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 50%CPEs: 17EXPL: 2CVE-2015-2460 – Microsoft Windows - 'ATMFD.dll' CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access
https://notcve.org/view.php?id=CVE-2015-2460
15 Aug 2015 — ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Vulnerabilidad en ATMFD.DLL en Windows A... • https://packetstorm.news/files/id/133195 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 46%CPEs: 12EXPL: 2CVE-2015-2461 – Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table
https://notcve.org/view.php?id=CVE-2015-2461
15 Aug 2015 — Vulnerabilidad en ATMFD.DLL en Windows Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10, permite a atacantes remotos ejecutar código arbitrario a través de fuente OpenType manipulada, también conocida como 'OpenType Font Parsing Vulnerability', una vulnerabilidad diferente de las CVE-2015-2458 y CVE... • https://packetstorm.news/files/id/133197 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 46%CPEs: 29EXPL: 2CVE-2015-2462 – Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table
https://notcve.org/view.php?id=CVE-2015-2462
15 Aug 2015 — ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Vulnerabilidad en ATMFD.DLL ... • https://packetstorm.news/files/id/133200 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 91%CPEs: 12EXPL: 4CVE-2015-2426 – Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2426
20 Jul 2015 — Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability." Subdesbordamiento de buffer en atmfd.dll en la librería de Windows Adobe Type Man... • https://github.com/vlad902/hacking-team-windows-kernel-lpe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2015-1674 – Microsoft Windows CNG Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1674
12 May 2015 — The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability." El kernel en Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows... • https://www.exploit-db.com/exploits/37052 • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 90%CPEs: 5EXPL: 6CVE-2015-1701 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-1701
21 Apr 2015 — Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." Win32k.sys en los controladores kernel-mode en Microsoft Windows Server 2003 SP2, Vista SP2 y Server 2008 SP2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, tal y como se explota activamente en Ab... • https://packetstorm.news/files/id/132403 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 4CVE-2015-2291 – Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2015-2291
17 Mar 2015 — (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. (1) IQVW32.sys en versiones anteriores a la 1.3.1.0 y (2) IQVW64.sys en versiones anteriores a la 1.3.1.0 en el controlador de diagnósticos de Intel Ethernet para Windows permi... • http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 23%CPEs: 12EXPL: 1CVE-2015-0088 – Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative to Operand Stack
https://notcve.org/view.php?id=CVE-2015-0088
11 Mar 2015 — Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, and ... • https://packetstorm.news/files/id/133164 • CWE-94: Improper Control of Generation of Code ('Code Injection') •