CVE-2015-1671

KEV

Published: Mag 13, 2015 Last Modified: Ott 22, 2025

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

HIGH 9,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: complete

Integrity: complete

Availability: complete

Description

AI Translation Available

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka 'TrueType Font Parsing Vulnerability.'

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,8386

Percentile

1,0th

Updated

EPSS Score Trend (Last 91 Days)

Application

.Net Framework by Microsoft

Product Information

Vendor Microsoft

Product .Net Framework

Version 3.5

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

.Net Framework by Microsoft

Product Information

Vendor Microsoft

Product .Net Framework

Version 4.5.1

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

.Net Framework by Microsoft

Product Information

Vendor Microsoft

Product .Net Framework

Version 4.5.2

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

.Net Framework by Microsoft

Product Information

Vendor Microsoft

Product .Net Framework

Version 4.5

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

.Net Framework by Microsoft

Product Information

Vendor Microsoft

Product .Net Framework

Version 4.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:.net_framework:4.0:-:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Lync by Microsoft

Product Information

Vendor Microsoft

Product Lync

Version 2010

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:lync:2010:*:*:*:attendee:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Lync by Microsoft

Product Information

Vendor Microsoft

Product Lync

Version 2013

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

.Net Framework by Microsoft

Product Information

Vendor Microsoft

Product .Net Framework

Version 3.5.1

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Live Meeting by Microsoft

Product Information

Vendor Microsoft

Product Live Meeting

Version 2007

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

.Net Framework by Microsoft

Product Information

Vendor Microsoft

Product .Net Framework

Version 3.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Silverlight by Microsoft

Product Information

Vendor Microsoft

Product Silverlight

Version 5.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015…

https://docs.microsoft.com/en-us/security-updates/securityb…

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-0…

http://www.securityfocus.com/bid/74490

http://www.securitytracker.com/id/1032281

https://docs.microsoft.com/en-us/security-updates/securityb…

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-0…

http://www.securityfocus.com/bid/74490

http://www.securitytracker.com/id/1032281

CVE-2015-1671

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

.Net Framework by Microsoft

Product Information

.Net Framework by Microsoft

Product Information

.Net Framework by Microsoft

Product Information

.Net Framework by Microsoft

Product Information

.Net Framework by Microsoft

Product Information

Lync by Microsoft

Product Information

Lync by Microsoft

Product Information

.Net Framework by Microsoft

Product Information

Live Meeting by Microsoft

Product Information

.Net Framework by Microsoft

Product Information

Silverlight by Microsoft

Product Information

Iscriviti alla newsletter