Oval Definition: oval:org.mitre.oval:def:28207
Revision Date: 2015-12-22
Version: 62
Title: TrueType font parsing vulnerability - CVE-2015-1671 (MS15-044)
Description: The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2015-1671
Platform(s):
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 SP1
Microsoft .NET Framework 4.5 SP2
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.2
Microsoft Live Meeting 2007
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft Lync Basic 2013
Microsoft Office 2007
Microsoft Office 2010
Microsoft Silverlight 5
Definition Synopsis
  • Windows Server 2k3 and vulnerable file version
  • Either OS
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • AND Check if the version of win32k.sys is less than 5.2.3790.5615
  • OR Vista / 2k8 + vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND gdr/ldr
  • Check for LDR
  • Check if the version of Win32k.sys is greater than or equal to 6.0.6002.23000
  • AND Check if the version of win32k.sys is less than 6.0.6002.23680
  • OR Check if the version of win32k.sys is less than 6.0.6002.19372
  • OR Win 7 / R2 + vulnerable file version
  • Win 7 / R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND gdr/ldr
  • Check for LDR
  • Check if the version of Win32k.sys is greater than or equal to 6.1.7601.23000
  • AND Check if the version of win32k.sys is less than 6.1.7601.23038
  • OR Check if the version of win32k.sys is less than 6.1.7601.18834
  • OR Win 8/2k12 and vulnerable file version
  • Win 8 / 2k12
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND gdr/ldr
  • Check for LDR
  • Check if the version of Win32k.sys is greater than or equal to 6.2.9200.21000
  • AND Check if the version of win32k.sys is less than 6.2.9200.21457
  • OR Check if the version of win32k.sys is less than 6.2.9200.17343
  • OR Win 8.1 / 2K12 R2 and vulnerable file version
  • Win 8.1 / 2k12 R2
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if the version of win32k.sys is less than 6.3.9600.17796
  • OR Silverlight Vulnerable version
  • Microsoft Silverlight 5 is installed
  • AND Check if the version of silverlight is less than 5.1.40416.0
  • OR .net 4.5/vista/server 2008/versions
  • either os
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND .Net 4.5/4.5.1/4.5.2
  • Microsoft .NET Framework 4.5.2 is installed
  • OR Microsoft .NET Framework 4.5 is installed
  • OR Microsoft .NET Framework 4.5.1 is installed
  • AND GDR/LDR
  • Check if the version of wpftxt_v0400.dll is less than 4.0.30319.34259
  • OR ldr range
  • Check if the version of wpftxt_v0400.dll is greater than or equal to 4.0.30319.36000
  • AND Check if the version of wpftxt_v0400.dll is less than 4.0.30319.36297
  • OR .net 4.0/win xp.server 2003/vista/server 2008/versions
  • either os
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft .NET Framework 4.0 is installed
  • AND GDR/LDR
  • Check if the version of presentationcore.dll is less than 4.0.30319.1034
  • OR ldr range
  • Check if the version of presentationcore.dll is greater than or equal to 4.0.30319.2000
  • AND Check if the version of presentationcore.dll is less than 4.0.30319.2059
  • OR .net 3.5.1/win 7/server 2008 R2/versions
  • either os
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND either file versions
  • Check if the version of system.printing.dll is less than 3.0.6920.5466
  • OR ldr range
  • Check if the version of system.printing.dll is greater than or equal to 3.0.6920.8000
  • AND Check if the version of system.printing.dll is less than 3.0.6920.8671
  • OR .net 3.5.1/win 8.1/server 2012 R2/versions
  • Win 8.1 / 2k12 R2
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check for vulnerable versions
  • Check if the version of presentationcore.dll is less than 3.0.6920.8005
  • OR Check for LDR
  • Check if the version of presentationcore.dll is greater than or equal to 3.0.6920.8600
  • AND Check if the version of presentationcore.dll is less than 3.0.6920.8671
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • OR .net 3.0 sp2/vista/server 2008/versions
  • either os
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND GDR/LDR
  • Check if the version of xpsviewer.exe is less than 3.0.6920.4225
  • OR ldr range
  • Check if the version of xpsviewer.exe is greater than or equal to 3.0.6920.8000
  • AND Check if the version of xpsviewer.exe is less than 3.0.6920.8671
  • AND Microsoft .NET Framework 3.0 SP2 is installed
  • OR .net 3.0 sp2/win xp/server 2003/versions
  • either os
  • Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • AND Microsoft .NET Framework 3.0 SP2 is installed
  • AND GDR/LDR
  • Check if the version of xpsviewer.exe is less than 3.0.6920.4082
  • OR ldr range
  • Check if the version of xpsviewer.exe is greater than or equal to 3.0.6920.8000
  • AND Check if the version of xpsviewer.exe is less than 3.0.6920.8673
  • OR For vulnerable Microsoft Lync 2010
  • Microsoft Lync 2010 is installed
  • AND Check if the version of Ogl.dll (Lync 2010) is less than 4.0.7577.4461
  • OR For vulnerable Microsoft Lync 2010 attendee (admin)
  • Microsoft Lync 2010 Attendee (admin level install) is installed
  • AND Check if the version of ogl.dll (Lync 2010 Attendee for admin) is less than 4.0.7577.4461
  • OR For vulnerable Microsoft Lync 2010 attendee (user)
  • Microsoft Lync 2010 Attendee (user level install) is installed
  • AND Check if the version of ogl.dll (Lync 2010 Attendee for user) is less than 4.0.7577.4461
  • OR lync basic 2013/version
  • Microsoft Lync Basic 2013 is installed
  • AND Check if the version of Autohelper.DLL is less than 15.0.4709.1000
  • OR live meeting 2007/version
  • Microsoft Live Meeting 2007 Console is installed
  • AND Check if the version of Ogl.dll is less than 12.0.6719.5000
  • OR office 2007/version
  • Microsoft Office 2007 is installed
  • AND Check if the version of Ogl.dll is less than 12.0.6719.5000
  • OR office 2010/version
  • Microsoft Office 2010 is installed
  • AND Check if the version of Ogl.dll is less than 14.0.7148.5000
  • OR .net 3.5/win8/server 2012/versions
  • either os
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND GDR/LDR
  • Check if the version of presentationcore.dll is less than 3.0.6920.6418
  • OR Check for LDR
  • Check if the version of presentationcore.dll is greater than or equal to 3.0.6920.8600
  • AND Check if the version of presentationcore.dll is less than 3.0.6920.8671