9.3
CVE-2015-1671
- EPSS 74.14%
- Published 13.05.2015 10:59:03
- Last modified 12.04.2025 10:46:40
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version3.0 Updatesp2
Microsoft ≫ .Net Framework Version4.0 Update-
Microsoft ≫ .Net Framework Version3.0 Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.0 Update-
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.5
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.5.1
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.5.2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ .Net Framework Version3.5 Update-
Microsoft ≫ Windows 8 Version-
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ .Net Framework Version3.5 Update-
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ Live Meeting Version2007
Microsoft ≫ Silverlight Version5.0
25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Remote Code Execution Vulnerability
VulnerabilityA remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.14% | 0.988 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|