Unrated severityNVD Advisory· Published May 13, 2015· Updated May 6, 2026

CVE-2015-1670

Description

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."

Affected products

Microsoft/.net Framework7 versions
cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/74485nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1032281nvdThird Party AdvisoryVDB Entry
docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000