CVE-2015-2506

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1 Microsoft Windows 10

Description The issue is related to the improper handling of specially crafted OpenType fonts by the Adobe Type Manager Library in Microsoft Windows, which can lead to a denial of service or potentially allow an attacker to execute arbitrary code and take control of the affected system. An attacker could exploit this by providing a crafted font file, potentially allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The attacker would first need to log on to the target system to exploit this issue.

Recommendations For Microsoft Windows Vista SP2, update the Adobe Type Manager Library to prevent exploitation. For Microsoft Windows Server 2008 SP2 and R2 SP1, apply the necessary patch to fix the vulnerability in the Adobe Type Manager Library. For Microsoft Windows 7 SP1, ensure the Adobe Type Manager Library is updated to a version that is not vulnerable. For Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10, apply the relevant security update to address the issue in the Adobe Type Manager Library. As a temporary workaround, consider restricting the use of OpenType fonts from untrusted sources until a patch is applied.