Lucene search
KeenTeam's Jihui Lu and Peter HlavatyZDI-15-388HistoryAug 11, 2015 - 12:00 a.m.
(Pwn2Own) Microsoft Windows TrueType Fonts Out-Of-Bounds Write Remote Code Execution Vulnerability
2015-08-1100:00:00
KeenTeam's Jihui Lu and Peter Hlavaty
www.zerodayinitiative.com
30
0.122 Low
EPSS
Percentile
95.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the IUP instruction (opcode 0x31) in TrueType fonts. A crafted font can cause point patching to modify arbitrary addresses in the Windows kernel. This can be leveraged by an attacker to run arbitrary code in the context of SYSTEM.
Related
checkpoint_advisories
checkpoint_advisories
Microsoft Graphics Component Remote Code Execution (MS15-080: CVE-2015-2455)
2015-08-11 00:00:00
symantec
symantec
zdt
zdt
cvelist
cvelist
CVE-2015-2455
2015-08-15 00:00:00
CVE-2015-2456
2015-08-15 00:00:00
cve
cve
CVE-2015-2456
2015-08-15 00:59:16
CVE-2015-2455
2015-08-15 00:59:15
nvd
nvd
CVE-2015-2455
2015-08-15 00:59:15
CVE-2015-2456
2015-08-15 00:59:16
prion
prion
Design/Logic Flaw
2015-08-15 00:59:00
Design/Logic Flaw
2015-08-15 00:59:00
googleprojectzero
googleprojectzero
A year of Windows kernel font fuzzing #1: the results
2016-06-27 00:00:00
nessus
nessus
openvas
openvas
Microsoft Silverlight Remote Code Execution Vulnerability (3078662)
2015-08-13 00:00:00
Microsoft Lync Remote Code Execution Vulnerabilities (3078662)
2015-08-12 00:00:00
mskb
mskb
kaspersky
kaspersky
KLA10646 Multiple vulnerabilities in Microsoft Windows
2015-08-11 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00