Vulnerability Name: CVE-2015-2464 (CCN-105147) Assigned: 2015-08-11 Published: 2015-08-11 Updated: 2019-05-15 Summary: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463 . CVSS v3 Severity: 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2015-2464 Source: CCN Type: Microsoft Security Bulletin MS15-080Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) Source: CCN Type: Microsoft Security Bulletin MS15-097Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) Source: CCN Type: Microsoft Security Bulletin MS15-115Security Update for Microsoft Windows to Address Remote Code Execution (3105864) Source: CCN Type: Microsoft Security Bulletin MS15-116Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-123Security Update for Skype for Business and Lync to Address Information Disclosure (3105872) Source: CCN Type: Microsoft Security Bulletin MS15-128Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) Source: CCN Type: Microsoft Security Bulletin MS15-129Security Update for Silverlight to Address Remote Code Execution (3106614) Source: CCN Type: Microsoft Security Bulletin MS15-131Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS15-132Security Update for Microsoft Windows to Address Remote Code Execution (3116162) Source: CCN Type: Microsoft Security Bulletin MS15-135Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075) Source: CCN Type: Microsoft Security Bulletin MS16-004Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-006Security Update for Silverlight to Address Remote Code Execution (3126036) Source: CCN Type: Microsoft Security Bulletin MS16-008Security Update for Kernel to Address Elevation of Privilege (3124605) Source: CCN Type: Microsoft Security Bulletin MS16-014Security update for Microsoft Windows to Address Remote Code Execution (3134228) Source: CCN Type: Microsoft Security Bulletin MS16-015Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-031Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) Source: CCN Type: Microsoft Security Bulletin MS16-035Security Update for .NET Framework to Address Security Feature Bypass (3141780) Source: CCN Type: Microsoft Security Bulletin MS16-042Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-044Security Update for Windows OLE (3146706) Source: CCN Type: Microsoft Security Bulletin MS16-048Security Update for CSRSS (3148528) Source: CCN Type: Microsoft Security Bulletin MS16-054Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-060Security Update for Windows Kernel (3154846) Source: CCN Type: Microsoft Security Bulletin MS16-061Security Update for Microsoft RPC (3155520) Source: CCN Type: Microsoft Security Bulletin MS16-070Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-092Security Update for Windows Kernel (3171910) Source: CCN Type: Microsoft Security Bulletin MS16-097Security Update for Microsoft Graphics Component (3177393) Source: CCN Type: Microsoft Security Bulletin MS16-099Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-106Security Update for Microsoft Graphics Component (3185848) Source: CCN Type: Microsoft Security Bulletin MS16-107Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-109Security Update for Silverlight (3182373) Source: CCN Type: Microsoft Security Bulletin MS16-111Security Update for Windows Kernel (3186973) Source: CCN Type: Microsoft Security Bulletin MS16-120Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-121Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-122Security Update for Microsoft Video Control (3195360) Source: CCN Type: Microsoft Security Bulletin MS16-123Security Update for Kernel-Mode Drivers (3192892) Source: CCN Type: Microsoft Security Bulletin MS16-124Security Update for Windows Registry (3193227) Source: CCN Type: Microsoft Security Bulletin MS16-126Security Update for Microsoft Internet Messaging API (3196067) Source: CCN Type: Microsoft Security Bulletin MS16-131Security Update for Microsoft Video Control (3199151) Source: CCN Type: Microsoft Security Bulletin MS16-133Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-139Security Update for Windows Kernel (3199720) Source: CCN Type: Microsoft Security Bulletin MS16-148Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS16-155Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-002Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-006Cumulative Security Update for Internet Explorer (4013073) Source: CCN Type: Microsoft Security Bulletin MS17-013Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014Security Update for Microsoft Office (4013241) Source: BID Type: Third Party Advisory, VDB Entry76240 Source: SECTRACK Type: Third Party Advisory, VDB Entry1033238 Source: MS Type: Patch, Vendor AdvisoryMS15-080 Source: XF Type: UNKNOWNms-ttf-cve20152464-code-exec(105147) Source: CCN Type: Packet Storm Security [08-21-2015]Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Write In Win32k!fsc_BLTHoriz Source: EXPLOIT-DB Type: EXPLOITOffensive Security Exploit Database [08-21-2015] Source: EXPLOIT-DB Type: Exploit, Third Party Advisory, VDB Entry37914 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* Configuration 3 :cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Configuration 4 :cpe:/a:microsoft:live_meeting:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:attendee:*:*:* OR cpe:/a:microsoft:lync:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:lync_basic:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:*:*:*:*:*:*:*:* (Version <= 5.1.40416.0) Configuration 5 :cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.0:-:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:silverlight:5.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:attendee:*:*:* OR cpe:/a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:x32:* OR cpe:/a:microsoft:lync:2010:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/a:microsoft:lync:2013:-:x64:*:*:*:*:* OR cpe:/a:microsoft:lync_basic:2013:-:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:x32:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
microsoft .net framework 3.0 sp2
microsoft .net framework 4.0
microsoft .net framework 4.5
microsoft .net framework 4.5.1
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft windows server 2008 - sp2
microsoft windows vista - sp2
microsoft .net framework 3.5.1
microsoft windows 7 - sp1
microsoft windows server 2008 r2 sp1
microsoft .net framework 3.5
microsoft windows 10 -
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows server 2012 *
microsoft windows server 2012 r2
microsoft live meeting 2007
microsoft lync 2010
microsoft lync 2010
microsoft lync 2013 sp1
microsoft lync basic 2013 sp1
microsoft office 2007 sp3
microsoft office 2010 sp2
microsoft silverlight *
microsoft windows 7 -
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista - sp2
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft .net framework 3.5
microsoft windows server 2008
microsoft .net framework 3.5.1
microsoft .net framework 4.0
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft .net framework 3.0 sp2
microsoft office 2007 sp3
microsoft silverlight 5.0
microsoft lync 2010
microsoft .net framework 4.5
microsoft lync 2010
microsoft lync 2010
microsoft windows 8 - -
microsoft windows 8 *
microsoft windows server 2012
microsoft windows rt -
microsoft lync 2013 -
microsoft lync basic 2013 -
microsoft office 2010 sp2
microsoft office 2010 sp2
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft .net framework 4.5.1
microsoft .net framework 4.5.2
microsoft .net framework 4.6