CVE-2015-2460

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
51.8%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: August 15, 2015 (3926 days ago)
Last Modified: May 6, 2026
Vendor: Microsoft
Source: NVD

Description

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

CWE

CWE-20

Affected Products

microsoft .net framework

References

🔗 www.securitytracker.com 🔗 docs.microsoft.com 🔗 www.exploit-db.com 🔗 www.securitytracker.com 🔗 docs.microsoft.com