9.3
CVE-2015-1671
- EPSS 74.14%
- Veröffentlicht 13.05.2015 10:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version3.0 Updatesp2
Microsoft ≫ .Net Framework Version4.0 Update-
Microsoft ≫ .Net Framework Version3.0 Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.0 Update-
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.5
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.5.1
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version4.5.2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ .Net Framework Version3.5 Update-
Microsoft ≫ Windows 8 Version-
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ .Net Framework Version3.5 Update-
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ Live Meeting Version2007
Microsoft ≫ Silverlight Version5.0
25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Remote Code Execution Vulnerability
SchwachstelleA remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.14% | 0.988 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|