Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2016-7210

Опубликовано: 08 нояб. 2016
Источник: msrc
CVSS3: 4.4
EPSS Средний

Описание

Open Type Font Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Adobe Type Manager Font Driver improperly handles specially crafted OpenType fonts. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The update addresses the vulnerability by correcting how the Adobe Type Manager Font Driver handles OpenType fonts.

Обходное решение

Rename ATMFD.DLL For 32-bit systems:

  1. Enter the following commands at an administrative command prompt: cd "%windir%\system32" takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll
  2. Restart the system.

For 64-bit systems:

  1. Enter the following commands at an administrative command prompt: cd "%windir%\system32" takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll cd "%windir%\syswow64" takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll
  2. Restart the system.

Optional procedure for Windows 8 and later operating systems (disable ATMFD): Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Method 1 (manually edit the system registry):

  1. Run regedit.exe as Administrator.
  2. In Registry Editor, navigate to the following sub key (or create it) and set its DWORD value to 1:

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 1

  3. Close Registry Editor and restart the system.

Method 2 (use a managed deployment script):

  1. Create a text file named ATMFD-disable.reg that contains the following text:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DisableATMFD"=dword:00000001

  1. Run regedit.exe.
  2. In Registry Editor, click the File menu and then click Import.
  3. Navigate to and select the ATMFD-disable.reg file that you created in the first step. (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to All Files).
  4. Click Open and then click OK to close Registry Editor.

Impact of workaround. Applications that rely on embedded font technology will not display properly. Disabling ATMFD.DLL could cause certain applications to stop working properly if they use OpenType fonts. Microsoft Windows does not release any OpenType fonts natively. However, third-party applications could install them and they could be affected by this change.

How to undo the workaround. For 32-bit systems:

  1. Enter the following commands at an administrative command prompt:
cd "%windir%\system32" rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller" icacls.exe . /restore atmfd.dll.acl

  1. Restart the system.

For 64-bit systems:

  1. Enter the following commands at an administrative command prompt:
cd "%windir%\system32" rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller" icacls.exe . /restore atmfd.dll.acl cd "%windir%\syswow64" rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller" icacls.exe . /restore atmfd.dll.acl

  1. Restart the system.

Optional procedure for Windows 8 and later operating systems (enable ATMFD): Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Method 1 (manually edit the system registry):

  1. Run regedit.exe as Administrator.
  2. In Registry Editor, navigate to the following sub key and set its DWORD value to 0:

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 0

  3. Close Registry Editor and restart the system.

Method 2 (use a managed deployment script):

  1. Create a text file named ATMFD-enable.reg that contains the following text:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DisableATMFD"=dword:00000000

  1. Run regedit.exe.
  2. In Registry Editor, click the File menu and then click Import.
  3. Navigate to and select the ATMFD-enable.reg file that you created in the first step. (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to All Files).
  4. Click Open and then click OK to close Registry Editor.

Обновления

ПродуктСтатьяОбновление
Windows Vista Service Pack 2
3203859
Security Update
Windows Server 2008 for Itanium-Based Systems Service Pack 2
3203859
Security Update
Windows Server 2008 for 32-bit Systems Service Pack 2
3203859
Security Update
Windows Vista x64 Edition Service Pack 2
3203859
Security Update
Windows Server 2008 for x64-based Systems Service Pack 2
3203859
Security Update
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
3203859
Security Update
Windows 7 for 32-bit Systems Service Pack 1
31978683197867
Monthly RollupSecurity Only
Windows 7 for x64-based Systems Service Pack 1
31978683197867
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
31978683197867
Monthly RollupSecurity Only
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
31978683197867
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 97%
0.35475
Средний

4.4 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2016-7210

CVSS3: 6.5
nvd
почти 9 лет назад

atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability."

github логотип

GHSA-v3xx-rxcf-rp8q

CVSS3: 6.5
github
больше 3 лет назад

atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability."

fstec логотип

BDU:2016-02397

fstec
почти 9 лет назад

Уязвимость операционной системы Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 97%
0.35475
Средний

4.4 Medium

CVSS3