CVE-2015-2462

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
41.5%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: August 15, 2015 (3926 days ago)
Last Modified: May 6, 2026
Vendor: Microsoft
Source: NVD

Description

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

CWE

CWE-20

Affected Products

microsoft .net frameworkmicrosoft windows 10microsoft windows 7microsoft windows 8microsoft windows 8.1microsoft windows rtmicrosoft windows rt 8.1microsoft windows server 2008microsoft windows server 2012microsoft windows vista

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 docs.microsoft.com 🔗 www.exploit-db.com 🔗 www.securityfocus.com