CVE-2015-2432
Windows Adobe Type Manager Library - Remote Code Execution via Crafted OpenType Font
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-2432. PoCs published by Google Security Research.
AI-analyzed exploit summary This exploit demonstrates a kernel pool corruption vulnerability in ATMFD.DLL on Windows 7, where uninitialized pointers in an array lead to a PAGE_FAULT_IN_NONPAGED_AREA crash. The PoC includes corrupted OTF font files that trigger the vulnerability, causing a denial-of-service condition.
Description
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
Exploits (1)
This exploit demonstrates a kernel pool corruption vulnerability in ATMFD.DLL on Windows 7, where uninitialized pointers in an array lead to a PAGE_FAULT_IN_NONPAGED_AREA crash. The PoC includes corrupted OTF font files that trigger the vulnerability, causing a denial-of-service condition.