Lucene search
KeenTeam's Jihui Lu and Peter HlavatyZDI-15-387HistoryAug 11, 2015 - 12:00 a.m.
(Pwn2Own) Microsoft Windows TrueType Font Pool Overflow Remote Code Execution Vulnerability
2015-08-1100:00:00
KeenTeam's Jihui Lu and Peter Hlavaty
www.zerodayinitiative.com
19
0.857 High
EPSS
Percentile
98.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TrueType fonts. A glyph can be crafted to cause a buffer overflow in win32k!vCopyClearTypeBits in the Windows kernel, allowing read and write access to kernel memory. This can be leveraged by an attacker to run arbitrary code in the context of SYSTEM.
Related
checkpoint_advisories
checkpoint_advisories
Microsoft Graphics Component Remote Code Execution (MS15-080: CVE-2015-2435)
2015-08-11 00:00:00
prion
prion
Design/Logic Flaw
2015-08-15 00:59:00
nvd
nvd
CVE-2015-2435
2015-08-15 00:59:11
symantec
symantec
cvelist
cvelist
CVE-2015-2435
2015-08-15 00:00:00
cve
cve
CVE-2015-2435
2015-08-15 00:59:11
nessus
nessus
openvas
openvas
Microsoft Silverlight Remote Code Execution Vulnerability (3078662)
2015-08-13 00:00:00
Microsoft Lync Remote Code Execution Vulnerabilities (3078662)
2015-08-12 00:00:00
mskb
mskb
kaspersky
kaspersky
KLA10646 Multiple vulnerabilities in Microsoft Windows
2015-08-11 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00