CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1671

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score33.2310%
EPSS Percentile85.08th
PublishedMay 13, 2015
Last ModifiedApr 22, 2026

Vulnerability Description

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Framework

= 3.0
πŸ“¦
Microsoft

.net Framework

= 4.0
πŸ“¦
Microsoft

.net Framework

= 4.5
πŸ“¦
Microsoft

.net Framework

= 4.5.1
πŸ“¦
Microsoft

.net Framework

= 4.5.2
πŸ“¦
Microsoft

.net Framework

= 3.5.1
πŸ“¦
Microsoft

.net Framework

= 3.5
πŸ“¦
Microsoft

Live Meeting

= 2007
πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2013
πŸ“¦
Microsoft

Silverlight

= 5.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/74490
πŸ”— http://www.securitytracker.com/id/1032281
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044
πŸ”— http://www.securityfocus.com/bid/74490
πŸ”— http://www.securitytracker.com/id/1032281
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1671

Related Vulnerabilities

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...