CVE-2015-1671
Published: 13 May 2015
Summary
CVE-2015-1671 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft .NET Framework. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability is a TrueType font parsing flaw in the Windows DirectWrite library that can result in arbitrary code execution. It affects Microsoft .NET Framework 3.0 SP2 through 4.5.2, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, multiple Lync 2010/2013 versions, and Silverlight 5 releases prior to 5.1.40416.00, including the corresponding Developer Runtime.
Remote attackers can exploit the issue by supplying a crafted TrueType font, for example through documents or web content processed by the affected components. Successful exploitation grants the ability to execute arbitrary code in the context of the current user, with a CVSS 3.1 base score of 7.8 reflecting the requirement for user interaction.
Microsoft security bulletin MS15-044 addresses the vulnerability and supplies patches for the listed products; the associated SecurityFocus and SecurityTracker entries reference the same advisory for further details on updates. No information on observed in-the-wild exploitation is provided in the source references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-1801
Vulnerability details
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
- CWE(s)
- KEV Date Added: 25 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely application of the MS15-044 patches that correct the TrueType font parsing flaw in DirectWrite.
Mandates validation of untrusted font data before processing, which would block the crafted TrueType structures used for code execution.
Requires malicious-code detection mechanisms capable of inspecting or blocking documents and web content containing weaponized fonts.