Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2015-1671

Published: May 13, 2015 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2015-1671
CWEhttps://cwe.mitre.org/data/definitions/19.html

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka TrueType Font Parsing Vulnerability.

Affected Software

Name Vendor Start Version End Version
.net_framework Microsoft 3.0-sp2 (including) 3.0-sp2 (including)
.net_framework Microsoft 3.5 (including) 3.5 (including)
.net_framework Microsoft 3.5.1 (including) 3.5.1 (including)
.net_framework Microsoft 4.0 (including) 4.0 (including)
.net_framework Microsoft 4.5 (including) 4.5 (including)
.net_framework Microsoft 4.5.1 (including) 4.5.1 (including)
.net_framework Microsoft 4.5.2 (including) 4.5.2 (including)
Live_meeting Microsoft 2007 (including) 2007 (including)
Lync Microsoft 2010 (including) 2010 (including)
Lync Microsoft 2013-sp1 (including) 2013-sp1 (including)
Office Microsoft 2007-sp3 (including) 2007-sp3 (including)
Office Microsoft 2010-sp2 (including) 2010-sp2 (including)
Silverlight Microsoft * 5 (including)
Silverlight Microsoft * 5.1.30214.0 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use