Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2015-2426

Disclosure Date: July 20, 2015
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Driver Vulnerability.”

Add Assessment

1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • microsoft

Products

  • windows 10 -,
  • windows 7 -,
  • windows 8 -,
  • windows 8.1 -,
  • windows rt -,
  • windows rt 8.1 -,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2012 r2,
  • windows vista -

Exploited in the Wild

Reported by:
Technical Analysis