CVE-2015-1671
high-risk
Published 2015-05-13
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
Do I need to act?
!
85.9% chance of exploitation in next 30 days
EPSS score — higher than 14% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (11)
Affected Vendors
References (7)
Broken Link
http://www.securityfocus.com/bid/74490
Broken Link
http://www.securitytracker.com/id/1032281
Broken Link
http://www.securityfocus.com/bid/74490
Broken Link
http://www.securitytracker.com/id/1032281
67
/ 100
high-risk
Severity
24/34 · High
Exploitability
27/34 · High
Exposure
16/34 · Moderate