9.3
CVE-2015-2460
- EPSS 48.78%
- Published 15.08.2015 00:59:19
- Last modified 12.04.2025 10:46:40
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version3.5
Microsoft ≫ Windows 10 Version-
Microsoft ≫ Windows 8 Version-
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows 8 Version-
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ .Net Framework Version3.0 Updatesp2
Microsoft ≫ .Net Framework Version4.0
Microsoft ≫ .Net Framework Version4.5
Microsoft ≫ .Net Framework Version4.5.1
Microsoft ≫ .Net Framework Version4.5.2
Microsoft ≫ .Net Framework Version4.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 48.78% | 0.977 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.