The vulnerability was reported by FireEye researcher Wang Yu.
Vulnerability details
Advisory: SB2015090802 - Multiple vulnerabilities in Microsoft Windows
Vulnerable component: Windows
CVE-ID: CVE-2015-2546
CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to boundary error in ATMFD.dll in Win32k.sys. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Note: the vulnerability was being actively exploited.
External links:
https://technet.microsoft.com/en-us/library/security/ms15-097
https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/twoforonefinal.pdf
https://www.symantec.com/security_response/vulnerability.jsp?bid=76608
https://krebsonsecurity.com/2015/09/microsoft-pushes-a-dozen-security-updates/
http://www.securityweek.com/microsoft-patches-windows-vulnerability-exploited-wild
https://www.scmagazine.com/microsoft-fixes-several-bugs-on-patch-tuesday-two-being-actively-exploite...
https://www.helpnetsecurity.com/2015/09/09/microsoft-pushes-out-security-updates-plugs-holes-activel...
https://threatpost.com/microsoft-patches-graphics-component-flaw-under-attack/114575/
http://www.securitynewspaper.com/2015/09/09/microsoft-patches-graphics-component-flaw-under-attack/