Vulnerability Details CVE-2015-2460
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.501
EPSS Ranking 97.7%
CVSS Severity
CVSS v2 Score 9.3
References
- http://www.securitytracker.com/id/1033238
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080
- https://www.exploit-db.com/exploits/37921/
- http://www.securitytracker.com/id/1033238
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080
- https://www.exploit-db.com/exploits/37921/
Products affected by CVE-2015-2460
-
cpe:2.3:a:microsoft:.net_framework:3.0
-
cpe:2.3:a:microsoft:.net_framework:3.5
-
cpe:2.3:a:microsoft:.net_framework:3.5.1
-
cpe:2.3:a:microsoft:.net_framework:4.0
-
cpe:2.3:a:microsoft:.net_framework:4.5
-
cpe:2.3:a:microsoft:.net_framework:4.5.1
-
cpe:2.3:a:microsoft:.net_framework:4.5.2
-
cpe:2.3:a:microsoft:.net_framework:4.6
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_8:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_vista:-