cve/2015/CVE-2015-2426.md

### [CVE-2015-2426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."

### POC

#### Reference
- http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/
- https://www.exploit-db.com/exploits/38222/

#### Github
- https://github.com/1o24er/Python-
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ByteHackr/WindowsExploitation
- https://github.com/Cherishao/Security-box
- https://github.com/HiJackJTR/github_arsenal
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SSlvtao/CTF
- https://github.com/Vxer-Lee/Hack_Tools
- https://github.com/ZiDuNet/Note
- https://github.com/birdhan/SecurityTools
- https://github.com/blacksunwen/Python-tools
- https://github.com/cream-sec/pentest-tools
- https://github.com/githuberxu/Security-Resources
- https://github.com/googleprojectzero/BrokenType
- https://github.com/hackerso007/Sec-Box-master
- https://github.com/hackstoic/hacker-tools-projects
- https://github.com/hantiger/-
- https://github.com/jay900323/SecurityTools
- https://github.com/jerryxk/Sec-Box
- https://github.com/nitishbadole/oscp-note-2
- https://github.com/paulveillard/cybersecurity-windows-exploitation
- https://github.com/r3p3r/nixawk-awesome-windows-exploitation
- https://github.com/ralex1975/HT-windows-kernel-lpe
- https://github.com/rhamaa/Binary-exploit-writeups
- https://github.com/rmsbpro/rmsbpro
- https://github.com/sathwikch/windows-exploitation
- https://github.com/scuechjr/Sec-Box
- https://github.com/sunu11/Sec-Box
- https://github.com/vlad902/hacking-team-windows-kernel-lpe
- https://github.com/yige666/web-
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-2426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."`

			`### POC`

			`#### Reference`
			`- http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/`
			`- https://www.exploit-db.com/exploits/38222/`

			`#### Github`
			`- https://github.com/1o24er/Python-`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ByteHackr/WindowsExploitation`
			`- https://github.com/Cherishao/Security-box`
			`- https://github.com/HiJackJTR/github_arsenal`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/SSlvtao/CTF`
			`- https://github.com/Vxer-Lee/Hack_Tools`
			`- https://github.com/ZiDuNet/Note`
			`- https://github.com/birdhan/SecurityTools`
			`- https://github.com/blacksunwen/Python-tools`
			`- https://github.com/cream-sec/pentest-tools`
			`- https://github.com/githuberxu/Security-Resources`
			`- https://github.com/googleprojectzero/BrokenType`
			`- https://github.com/hackerso007/Sec-Box-master`
			`- https://github.com/hackstoic/hacker-tools-projects`
			`- https://github.com/hantiger/-`
			`- https://github.com/jay900323/SecurityTools`
			`- https://github.com/jerryxk/Sec-Box`
			`- https://github.com/nitishbadole/oscp-note-2`
			`- https://github.com/paulveillard/cybersecurity-windows-exploitation`
			`- https://github.com/r3p3r/nixawk-awesome-windows-exploitation`
			`- https://github.com/ralex1975/HT-windows-kernel-lpe`
			`- https://github.com/rhamaa/Binary-exploit-writeups`
			`- https://github.com/rmsbpro/rmsbpro`
			`- https://github.com/sathwikch/windows-exploitation`
			`- https://github.com/scuechjr/Sec-Box`
			`- https://github.com/sunu11/Sec-Box`
			`- https://github.com/vlad902/hacking-team-windows-kernel-lpe`
			`- https://github.com/yige666/web-`