3 matches found
Microsoft Unicode Scripts Processor Arbitrary Code Execution Exploit
On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" TTF file, which typically can be embedded in e.g...
Microsoft Windows Uniscribe Integer Underflow (MS15-130: CVE-2015-6130)
An integer underflow vulnerability exists in Microsoft Windows Uniscribe. The vulnerability is due to an improper alignment of table offsets leading to an integer underflow. A remote attacker can exploit this vulnerability by enticing the target to open a specially crafted ttf file. Successful...
MS15-130: Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
The remote Windows host is affected by a remote code execution vulnerability due to improper parsing of fonts by Uniscribe. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted document or visit an untrusted website that contains specially crafted...