CVE-2015-1670

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
3.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
microsoft.net_framework
4.0
microsoft.net_framework
4.5
microsoft.net_framework
4.5.1
microsoft.net_framework
4.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/74485
http://www.securitytracker.com/id/1032281
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044
http://www.securityfocus.com/bid/74485
http://www.securitytracker.com/id/1032281
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044