Vulnerability Details CVE-2015-1670
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 88.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/74485
- http://www.securitytracker.com/id/1032281
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044
- http://www.securityfocus.com/bid/74485
- http://www.securitytracker.com/id/1032281
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044
Products affected by CVE-2015-1670
-
cpe:2.3:a:microsoft:.net_framework:3.0
-
cpe:2.3:a:microsoft:.net_framework:3.5
-
cpe:2.3:a:microsoft:.net_framework:3.5.1
-
cpe:2.3:a:microsoft:.net_framework:4.0
-
cpe:2.3:a:microsoft:.net_framework:4.5
-
cpe:2.3:a:microsoft:.net_framework:4.5.1
-
cpe:2.3:a:microsoft:.net_framework:4.5.2