Exploitation Summary
CVE-2015-1671 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022, with confirmed use in ransomware campaigns.
Description
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
References (4)
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032281
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74490
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1671
Scores
CVSS v3: 7.8
EPSS: 0.8803
EPSS Percentile: 99.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-05-25
VulnCheck KEV: 2021-02-11
InTheWild.io: 2015-07-21
ENISA EUVD: EUVD-2015-1801
Ransomware Use: Confirmed
Status: published
Products (11)
microsoft/.net_framework 3.0 sp2
microsoft/.net_framework 4.0
microsoft/.net_framework 4.5
microsoft/.net_framework 4.5.1
microsoft/.net_framework 4.5.2
microsoft/.net_framework 3.5.1
microsoft/.net_framework 3.5
microsoft/live_meeting 2007
microsoft/lync 2010
microsoft/lync 2013 sp1
... and 1 more
Published: May 13, 2015
KEV Added: May 25, 2022
Tracked Since: Feb 18, 2026