Recommendations Concerning Windows OpenType Driver Vulnerabilities

Security Advisory: AE-Advisory 15-015
Criticality: high
Issue Discovered On: 23-July-2015
Advisory Released On: 23-July-2015
Last Revised On: 23-July-2015
Impact: Remote code execution. Disclosure of information. Administrative permissions.
Affected Platforms

All Platforms

Summary

aeCERT has noticed a new critical vulnerability associated with the latest Adobe Type Manager Library. A buffer overflow in the file “atmfd.dll” in this library can allow remote code execution, which can lead to complete control of the affected system. The attacker is able to install programs; view, change and delete data; or even create new user accounts with full user rights. The attacker is able to infect systems by making a user open a specially crafted web page which embeds malicious.

Solution

The aeCERT recommends that you follow a workaround provided by Microsoft TechNet.

Rename ATMFD.DLL

32-bit operating systems

Open a command prompt window and enter the following commands:

cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

Then reboot the system.

64-bit operating systems

Open a command prompt window and enter the following commands:

cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

Then reboot the system.
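
The following PowerShell check is an added example, not part of the aeCERT or Microsoft text. It reports, after the reboot, whether the rename is in place in each directory and whether the saved ACL file from the steps above is still there. The function name Get-AtmfdWorkaroundState is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report whether the ATMFD.DLL rename workaround is in place.
# Read-only; it changes nothing on the system. Assumes PowerShell 3.0+.

function Get-AtmfdWorkaroundState {   # hypothetical helper name
    param([string]$WinDir = $env:windir)

    $dirs = @()
    if ([Environment]::Is64BitOperatingSystem) {
        # A 32-bit process sees system32 redirected to syswow64; Sysnative
        # reaches the real 64-bit directory from such a process.
        if ([Environment]::Is64BitProcess) { $dirs += Join-Path $WinDir 'system32' }
        else { $dirs += Join-Path $WinDir 'Sysnative' }
        $dirs += Join-Path $WinDir 'syswow64'
    } else {
        $dirs += Join-Path $WinDir 'system32'
    }

    foreach ($dir in $dirs) {
        $original = Test-Path -LiteralPath (Join-Path $dir 'atmfd.dll')
        $renamed  = Test-Path -LiteralPath (Join-Path $dir 'x-atmfd.dll')
        $aclSaved = Test-Path -LiteralPath (Join-Path $dir 'atmfd.dll.acl')

        if ($original)    { $state = 'NOT APPLIED (atmfd.dll still present)' }
        elseif ($renamed) { $state = 'APPLIED (renamed to x-atmfd.dll)' }
        else              { $state = 'ABSENT (neither file found)' }

        [pscustomobject]@{
            Directory     = $dir
            State         = $state
            SavedAclFound = $aclSaved   # saved ACL file from the icacls /save step
        }
    }
}

$report = Get-AtmfdWorkaroundState
$report | Format-Table -AutoSize

# Exit non-zero if any directory still has the original file name,
# so the script can feed a scheduled compliance check.
if ($report | Where-Object { $_.State -like 'NOT APPLIED*' }) { exit 1 }
```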

Original Advisory

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426

Other References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2426

https://technet.microsoft.com/library/security/ms15-078
