Vulnerability Name: CVE-2015-2435 (CCN-105138) Assigned: 2015-08-11 Published: 2015-08-11 Updated: 2019-05-15 Summary: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." CVSS v3 Severity: 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2015-2435 Source: CCN Type: Microsoft Security Bulletin MS15-080Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) Source: CCN Type: Microsoft Security Bulletin MS15-097Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) Source: CCN Type: Microsoft Security Bulletin MS15-115Security Update for Microsoft Windows to Address Remote Code Execution (3105864) Source: CCN Type: Microsoft Security Bulletin MS15-116Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-123Security Update for Skype for Business and Lync to Address Information Disclosure (3105872) Source: CCN Type: Microsoft Security Bulletin MS15-128Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) Source: CCN Type: Microsoft Security Bulletin MS15-129Security Update for Silverlight to Address Remote Code Execution (3106614) Source: CCN Type: Microsoft Security Bulletin MS15-131Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS15-132Security Update for Microsoft Windows to Address Remote Code Execution (3116162) Source: CCN Type: Microsoft Security Bulletin MS15-135Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075) Source: CCN Type: Microsoft Security Bulletin MS16-004Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-006Security Update for Silverlight to Address Remote Code Execution (3126036) Source: CCN Type: Microsoft Security Bulletin MS16-008Security Update for Kernel to Address Elevation of Privilege (3124605) Source: CCN Type: Microsoft Security Bulletin MS16-014Security update for Microsoft Windows to Address Remote Code Execution (3134228) Source: CCN Type: Microsoft Security Bulletin MS16-015Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-031Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) Source: CCN Type: Microsoft Security Bulletin MS16-035Security Update for .NET Framework to Address Security Feature Bypass (3141780) Source: CCN Type: Microsoft Security Bulletin MS16-042Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-044Security Update for Windows OLE (3146706) Source: CCN Type: Microsoft Security Bulletin MS16-048Security Update for CSRSS (3148528) Source: CCN Type: Microsoft Security Bulletin MS16-054Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-060Security Update for Windows Kernel (3154846) Source: CCN Type: Microsoft Security Bulletin MS16-061Security Update for Microsoft RPC (3155520) Source: CCN Type: Microsoft Security Bulletin MS16-070Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-092Security Update for Windows Kernel (3171910) Source: CCN Type: Microsoft Security Bulletin MS16-097Security Update for Microsoft Graphics Component (3177393) Source: CCN Type: Microsoft Security Bulletin MS16-099Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-106Security Update for Microsoft Graphics Component (3185848) Source: CCN Type: Microsoft Security Bulletin MS16-107Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-109Security Update for Silverlight (3182373) Source: CCN Type: Microsoft Security Bulletin MS16-111Security Update for Windows Kernel (3186973) Source: CCN Type: Microsoft Security Bulletin MS16-120Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-121Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-122Security Update for Microsoft Video Control (3195360) Source: CCN Type: Microsoft Security Bulletin MS16-123Security Update for Kernel-Mode Drivers (3192892) Source: CCN Type: Microsoft Security Bulletin MS16-124Security Update for Windows Registry (3193227) Source: CCN Type: Microsoft Security Bulletin MS16-126Security Update for Microsoft Internet Messaging API (3196067) Source: CCN Type: Microsoft Security Bulletin MS16-131Security Update for Microsoft Video Control (3199151) Source: CCN Type: Microsoft Security Bulletin MS16-133Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-139Security Update for Windows Kernel (3199720) Source: CCN Type: Microsoft Security Bulletin MS16-148Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS16-155Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-002Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-006Cumulative Security Update for Internet Explorer (4013073) Source: CCN Type: Microsoft Security Bulletin MS17-013Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014Security Update for Microsoft Office (4013241) Source: BID Type: Third Party Advisory, VDB Entry76238 Source: CCN Type: BID-76238Microsoft Windows TrueType Fonts CVE-2015-2435 Remote Code Execution Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1033238 Source: MISC Type: Third Party Advisory, VDB Entryhttp://www.zerodayinitiative.com/advisories/ZDI-15-387 Source: MS Type: Patch, Vendor AdvisoryMS15-080 Source: XF Type: UNKNOWNms-ttf-cve20152435-code-exec(105138) Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* Configuration 3 :cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Configuration 4 :cpe:/a:microsoft:live_meeting:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:attendee:*:*:* OR cpe:/a:microsoft:lync:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:lync_basic:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:*:*:*:*:*:*:*:* (Version <= 5.1.40416.0) Configuration 5 :cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:attendee:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:x32:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2013:-:x64:*:*:*:*:* OR cpe:/a:microsoft:lync_basic:2013:-:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:x32:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10:*:*:*:*:*:*:x64:* Denotes that component is vulnerable BACK
microsoft .net framework 3.0 sp2
microsoft .net framework 4.0
microsoft .net framework 4.5
microsoft .net framework 4.5.1
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft windows server 2008 - sp2
microsoft windows vista - sp2
microsoft .net framework 3.5.1
microsoft windows 7 - sp1
microsoft windows server 2008 r2 sp1
microsoft .net framework 3.5
microsoft windows 10 -
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows server 2012 *
microsoft windows server 2012 r2
microsoft live meeting 2007
microsoft lync 2010
microsoft lync 2010
microsoft lync 2013 sp1
microsoft lync basic 2013 sp1
microsoft office 2007 sp3
microsoft office 2010 sp2
microsoft silverlight *
microsoft windows 10 -
microsoft windows 7 -
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista - sp2
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft office 2007 sp3
microsoft silverlight 5.0
microsoft lync 2010
microsoft lync 2010
microsoft lync 2010
microsoft windows 8 - -
microsoft windows 8 *
microsoft windows server 2012
microsoft windows rt -
microsoft lync 2013 -
microsoft lync basic 2013 -
microsoft office 2010 sp2
microsoft office 2010 sp2
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft windows 10 -
microsoft windows 10 *