The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
Published 2015-05-13 10:59:04
Updated 2024-06-28 17:26:20
View at NVD,   CVE.org
Vulnerability category: Execute code

Products affected by CVE-2015-1671

Threat overview for CVE-2015-1671

Top countries where our scanners detected CVE-2015-1671
Top open port discovered on systems with this issue 443
IPs affected by CVE-2015-1671 88,562
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2015-1671!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

CVE-2015-1671 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Microsoft Windows Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2015-1671
Added on 2022-05-25 Action due date 2022-06-15

Exploit prediction scoring system (EPSS) score for CVE-2015-1671

87.52%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1671

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST
7.8
HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.8
5.9
NIST 2024-06-28

References for CVE-2015-1671

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!