Published: 13/05/2015 Updated: 12/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote malicious users to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft .net framework 3.5.1
microsoft .net framework 4.0
microsoft .net framework 4.5.2
microsoft .net framework 3.0
microsoft .net framework 3.5
microsoft .net framework 4.5
microsoft .net framework 4.5.1

Microsoft security updates May 2015

Securelist • Kurt Baumgartner • 12 May 2015

Microsoft released a set of thirteen Security Bulletins (MS015-043 through MS015-055) to start off May 2015, addressing 46 vulnerabilities in a wide set of Microsoft software technologies. Three of these are rated critical for RCE and the rest of the May 2015 Security Bulletins are rated Important. Two of the critical Bulletins (043 and 044) are especially risky and address critical RCE vulnerabilities across all versions of supported Windows platforms. Most likely, your Windows systems are ru...

CVE-2015-1670

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect