Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)

Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption MS16-074 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of...

Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple records which deal with DIBs Device Independent Bitmaps. Examples of such records are EMRALPHABLEND, EMRBITBLT, EMRMASKBLT,...

Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode applications via an undocumented gdi32!NamedEscape API...

MS16-074: Security Update for Microsoft graphics component: June 14, 2016

Resolves vulnerabilities in Windows that could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.SummaryThis security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of...

Microsoft Windows ATMFD.DLL Elevation of Privilege (MS16-074: CVE-2016-3220)

An out of bound memory access vulnerability exists in Microsoft Windows ATMFD.DLL. The root cause is within atmfd.dll sub components that miscalculate indices to an array when dealing with a specially crafted ttf file. A successful exploitation could allow an attacker to run arbitrary code with...