Vulnerability Description
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .Net Framework | 3.0 |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows Server 2012 | All versions |
| Microsoft | Windows Rt | - |
| Microsoft | Windows Rt 8.1 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/76215Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1033238Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-08PatchVendor Advisory
- https://www.exploit-db.com/exploits/37916/ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/76215Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1033238Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-08PatchVendor Advisory
- https://www.exploit-db.com/exploits/37916/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2015-2462?
CVE-2015-2462 is a vulnerability with a CVSS score of 9.3 (HIGH). ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows ...
How severe is CVE-2015-2462?
CVE-2015-2462 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2462?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 10.