Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2455

CWE-20Improper Input Validation5 documents5 sources
Severity
9.3CRITICAL
EPSS
53.2%
top 2.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
8
Microsoft SilverlightMicrosoft .net FrameworkMicrosoft Live Meeting+5 more
Timeline
PublishedAug 15
Latest updateMay 14

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsi

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages7 packages

NVDmicrosoft/lync2010, 2013+1
NVDmicrosoft/silverlight5.1.40416.0

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-6mrc-f9f8-fhm4: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 82022-05-14
Project0
A year of Windows kernel font fuzzing #1: the results - Project Zero2016-06-01
CVEList
CVE-2015-2455: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 82015-08-15

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'win32k.sys' TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow2015-08-21
CVE-2015-2455 (CRITICAL CVSS 9.3) | Microsoft Windows Vista SP2 | cvebase.io