MS15-021: Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)
High Nessus Plugin ID 81736
SynopsisThe Adobe Font driver on the remote host is affected by multiple vulnerabilities.
DescriptionThe remote Windows host is affected by the following vulnerabilities in the Adobe Font driver :
- A flaw exists in the Adobe Font Driver due to improper allocation of memory. This allows a remote attacker, using a specially crafted font in a file or website, to cause a denial of service. (CVE-2015-0074)
- Multiple flaws exist in the Adobe Font Driver that allow a remote attacker, using specially crafted fonts, to obtain sensitive information from kernel memory.
- Multiple flaws exist in the Adobe Font Driver due to improper validation of user-supplied input. A remote attacker can exploit this, using a specially crafted font in a file or website, to execute arbitrary code.
(CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, CVE-2015-0093)
SolutionMicrosoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, Windows RT, 2012, 8.1, Windows RT 8.1, and 2012 R2.