Unrated severityNVD Advisory· Published May 13, 2015· Updated Jun 17, 2026
CVE-2015-1670
CVE-2015-1670
Description
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
- (no CPE)range: 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/74485nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1032281nvdThird Party AdvisoryVDB Entry
- docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044nvd
News mentions
0No linked articles in our index yet.