HackDig : Dig high-quality web security articles for hackers

Another Hacking Team exploit that is CRITICAL for ALL Windows systems – CVE-2015-2426

2015-07-22 20:10

The exploits revealed by the Hacking Team dump earlier this month just don’t seem to end. This vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts. The Adobe Type Manager module contains a memory corruption vulnerability, which can allow an attacker to obtain system privileges on an affected Windows system.

Adobe Type Manager, provided by atmfd.dll, is a kernel module that ships with Windows and provides support for OpenType fonts. A memory-corruption flaw (buffer underflow) in Adobe Type Manager allows manipulation of Windows kernel memory, which can result in a wide range of impacts. This vulnerability can allow an attacker to gain SYSTEM privileges on an affected Windows system. Hackers would use this to infect users’ systems with any type of malware and gain remote control access if they desired – all without notifying the user. This vulnerability can also be used to bypass web browser and other OS-level sandboxing and protections.

This is a confirmed exploit on Windows XP and up and Windows Server 2003 and up. Since Windows XP and Windows Server 2003 are no longer supported by Microsoft, there is no patch for users on those operating systems, so we HIGHLY advise that you migrate to a newer operating system. Windows Vista, 7, and 8 users are going to have an update rolled out shortly that will patch this vulnerability, so make sure you keep an eye out for updates.

The post Another Hacking Team exploit that is CRITICAL for ALL Windows systems – CVE-2015-2426 appeared first on Webroot Threat Blog.


Source: www.webroot.com/blog/2015/07/22/another-hacking-team-exploit-that-is-critical-for-all-windows
