Microsoft Windows GDI+ CVE-2015-1671 TrueType Font Handling Remote Code Execution Vulnerability



Microsoft Windows GDI+ is prone to a remote code-execution vulnerability.

Successful exploits can allow attackers to execute arbitrary code with kernel-level privileges. Failed exploit attempts may result in a denial-of-service condition.

Information

Bugtraq ID: 74490
Class: Design Error
CVE: CVE-2015-1671

Remote: Yes
Local: No
Published: May 12 2015 12:00AM
Updated: Oct 04 2017 09:01PM
Credit: Yichong Lin
Vulnerable: Microsoft Windows Vista x64 Edition Service Pack 2 0
Microsoft Windows Vista Service Pack 2 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows RT 8.1
Microsoft Windows RT 0
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 8 for x64-based Systems 0
Microsoft Windows 8 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Silverlight 5.0
Microsoft Silverlight 5 Developer Runtime
Microsoft Office 2010 Service Pack 2 (64-bit editions) 0
Microsoft Office 2010 Service Pack 2 (32-bit editions) 0
Microsoft Office 2007 SP3
Microsoft Lync Basic 2013 (64-bit) SP1
Microsoft Lync Basic 2013 (32-bit) SP1
Microsoft Lync 2013 (64-bit) SP1
Microsoft Lync 2013 (32-bit) SP1
Microsoft Lync 2010 Attendee 0
Microsoft Lync 2010 (64-bit) 0
Microsoft Lync 2010 (32-bit) 0
Microsoft Live Meeting 2007 Console 0
Avaya Messaging Application Server 5.2.1
Avaya Messaging Application Server 5.0.1
Avaya Messaging Application Server 5.2
Avaya Messaging Application Server 5.0
Avaya Meeting Exchange - Webportal 6.2
Avaya Meeting Exchange - Webportal 6.0
Avaya Meeting Exchange - Webportal 5.2.1
Avaya Meeting Exchange - Webportal 5.2
Avaya Meeting Exchange - Webportal 5.0.1
Avaya Meeting Exchange - Webportal 5.0
Avaya Meeting Exchange - Web Conferencing Server 6.2
Avaya Meeting Exchange - Web Conferencing Server 6.0
Avaya Meeting Exchange - Web Conferencing Server 5.2.1
Avaya Meeting Exchange - Web Conferencing Server 5.2
Avaya Meeting Exchange - Web Conferencing Server 5.0.1
Avaya Meeting Exchange - Web Conferencing Server 5.0
Avaya Meeting Exchange - Streaming Server 6.2
Avaya Meeting Exchange - Streaming Server 6.0
Avaya Meeting Exchange - Streaming Server 5.2.1
Avaya Meeting Exchange - Streaming Server 5.2
Avaya Meeting Exchange - Streaming Server 5.0.1
Avaya Meeting Exchange - Streaming Server 5.0
Avaya Meeting Exchange - Recording Server 6.2
Avaya Meeting Exchange - Recording Server 6.0
Avaya Meeting Exchange - Recording Server 5.2.1
Avaya Meeting Exchange - Recording Server 5.2
Avaya Meeting Exchange - Recording Server 5.0.1
Avaya Meeting Exchange - Recording Server 5.0
Avaya Meeting Exchange - Client Registration Server 6.2
Avaya Meeting Exchange - Client Registration Server 6.0
Avaya Meeting Exchange - Client Registration Server 5.2.1
Avaya Meeting Exchange - Client Registration Server 5.2
Avaya Meeting Exchange - Client Registration Server 5.0.1
Avaya Meeting Exchange - Client Registration Server 5.0
Avaya CallPilot 5.1
Avaya CallPilot 5.0.1
Avaya CallPilot 4.0.1
Avaya CallPilot 5.0
Avaya CallPilot 4.0


Not Vulnerable:

Exploit


This vulnerability is being exploited as part of the Angler exploit kit.


Related Posts

Comments