CyberSec.Space Logo
Back to CVE Browser

CVE-2015-2435

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile13.32th
PublishedAug 15, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Framework

= 3.0
πŸ“¦
Microsoft

.net Framework

= 4.0
πŸ“¦
Microsoft

.net Framework

= 4.5
πŸ“¦
Microsoft

.net Framework

= 4.5.1
πŸ“¦
Microsoft

.net Framework

= 4.5.2
πŸ“¦
Microsoft

.net Framework

= 4.6
πŸ“¦
Microsoft

.net Framework

= 3.5.1
πŸ“¦
Microsoft

.net Framework

= 3.5
πŸ“¦
Microsoft

Live Meeting

= 2007
πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2013
πŸ“¦
Microsoft

Lync Basic

= 2013
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2010
πŸ“¦
Microsoft

Silverlight

<= 5.1.40416.0
πŸ’»
Microsoft

Windows 10

All versions
πŸ’»
Microsoft

Windows 7

All versions
πŸ’»
Microsoft

Windows 8

All versions
πŸ’»
Microsoft

Windows 8.1

All versions
πŸ’»
Microsoft

Windows Rt

All versions
πŸ’»
Microsoft

Windows Rt 8.1

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

= r2
πŸ’»
Microsoft

Windows Server 2008

= r2
πŸ’»
Microsoft

Windows Server 2012

All versions
πŸ’»
Microsoft

Windows Server 2012

= r2
πŸ’»
Microsoft

Windows Vista

All versions

References & Advisories

πŸ”— http://www.securityfocus.com/bid/76238
πŸ”— http://www.securitytracker.com/id/1033238
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-15-387
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080
πŸ”— http://www.securityfocus.com/bid/76238
πŸ”— http://www.securitytracker.com/id/1033238
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-15-387
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080

Related Vulnerabilities

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...