Zero-day vulnerability in Windows

The exploit code was revealed after Hacking Team data leak.
Public exploit code for this vulnerability became available as part of the Hacking Team leaks on July 5, 2015.

Advisory: SB2015070702 - Arbitrary code execution in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2015-2387

CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-119 - Memory corruption

Description:

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Adobe Type Manager module (ATMFD.dll). A local attacker can execute a specially crafted application, trigger memory corruption, bypass OS-level sandboxing and execute arbitrary code with SYSTEM privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

External links:

https://technet.microsoft.com/en-us/library/security/ms15-077.aspx http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vuln...
http://www.securityweek.com/microsoft-patches-hacking-team-zero-days-other-vulnerabilities
https://countuponsecurity.com/2015/07/24/hacking-team-arsenal-of-cyber-weapons/
https://securingtomorrow.mcafee.com/business/security-connected/microsoft-patch-tuesday-july-2015/
http://www.bankinfosecurity.com/hacking-team-dump-windows-zero-day-a-8404
https://www.secureworks.com/blog/targeted-exploit-and-escalation