CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-2435

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile13.32th
Published2015年8月15日
Last Modified2026年5月6日

Vulnerability Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

.net Framework

= 3.0
📦
Microsoft

.net Framework

= 4.0
📦
Microsoft

.net Framework

= 4.5
📦
Microsoft

.net Framework

= 4.5.1
📦
Microsoft

.net Framework

= 4.5.2
📦
Microsoft

.net Framework

= 4.6
📦
Microsoft

.net Framework

= 3.5.1
📦
Microsoft

.net Framework

= 3.5
📦
Microsoft

Live Meeting

= 2007
📦
Microsoft

Lync

= 2010
📦
Microsoft

Lync

= 2010
📦
Microsoft

Lync

= 2013
📦
Microsoft

Lync Basic

= 2013
📦
Microsoft

Office

= 2007
📦
Microsoft

Office

= 2010
📦
Microsoft

Silverlight

<= 5.1.40416.0
💻
Microsoft

Windows 10

All versions
💻
Microsoft

Windows 7

All versions
💻
Microsoft

Windows 8

All versions
💻
Microsoft

Windows 8.1

All versions
💻
Microsoft

Windows Rt

All versions
💻
Microsoft

Windows Rt 8.1

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

= r2
💻
Microsoft

Windows Server 2008

= r2
💻
Microsoft

Windows Server 2012

All versions
💻
Microsoft

Windows Server 2012

= r2
💻
Microsoft

Windows Vista

All versions

References & Advisories

🔗 http://www.securityfocus.com/bid/76238
🔗 http://www.securitytracker.com/id/1033238
🔗 http://www.zerodayinitiative.com/advisories/ZDI-15-387
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080
🔗 http://www.securityfocus.com/bid/76238
🔗 http://www.securitytracker.com/id/1033238
🔗 http://www.zerodayinitiative.com/advisories/ZDI-15-387
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080

関連する脆弱性情報

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...