Vulnerability Description
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .Net Framework | 3.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/74485Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032281Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-04
- http://www.securityfocus.com/bid/74485Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032281Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-04
FAQ
What is CVE-2015-1670?
CVE-2015-1670 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a cr...
How severe is CVE-2015-1670?
CVE-2015-1670 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1670?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework.