CVE-2015-1670Sensitive Information Exposure in Microsoft NET Framework

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
4.5%
top 10.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedMay 13
Latest updateMay 14

Description

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/net_framework7 versions+6

🔴Vulnerability Details

4
GHSA
GHSA-9cj3-6fcw-36r3: The Windows DirectWrite library, as used in Microsoft2022-05-14
Project0
Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure - Project Zero2015-09-01
Project0
One font vulnerability to rule them all #1: Introducing the BLEND vulnerability - Project Zero2015-07-01
CVEList
CVE-2015-1670: The Windows DirectWrite library, as used in Microsoft2015-05-13
CVE-2015-1670 — Sensitive Information Exposure | cvebase