CVE-2015-2387

Name of the Vulnerable Software and Affected Versions Adobe Type Manager Font Driver versions in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1

Description The issue is related to the Adobe Type Manager Font Driver in Microsoft Windows, which allows local users to gain privileges via a crafted application. This is due to the driver's failure to properly handle objects in memory. An attacker who successfully exploits this issue could execute arbitrary code and take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. To exploit the issue, an attacker would first have to log on to a target system.

Recommendations For Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, update the Adobe Type Manager Font Driver to a version that properly handles objects in memory to prevent privilege escalation. As a temporary workaround, consider restricting access to the Adobe Type Manager Font Driver until a patch is available.