KB4015380: Security Update for the ATMFD.dll Information Disclosure Vulnerability (April 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by an information disclosure
vulnerability.

Description :

The remote Windows host is missing security update KB4015380. It is,
therefore, affected by an information disclosure vulnerability in the
Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted document or
visit a malicious web page, to disclose sensitive information.

See also :

http://www.nessus.org/u?6fadc4a4
http://www.nessus.org/u?1396dba0

Solution :

Apply security update KB4015380.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 99308 ()

Bugtraq ID: 97452

CVE ID: CVE-2017-0192

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now