304 matches found
Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
MS12-034: Description of the security update for DirectWrite in Windows: May 8, 2012
MS12-034: Description of the security update for DirectWrite in Windows: May 8, 2012 INTRODUCTION Microsoft has released security bulletin MS12-034. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...
MS12-019: Vulnerability in DirectWrite could allow denial of service: March 13, 2012
MS12-019: Vulnerability in DirectWrite could allow denial of service: March 13, 2012 INTRODUCTION Microsoft has released security bulletin MS12-019. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...
UBUNTU-CVE-2015-7203
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name...
Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure
Posted by Mateusz Jurczyk of Google Project Zero In the previous series of posts parts 1 2 3 4, we discussed the exploitation process of a serious “blend” vulnerability CVE-2015-0093 / CVE-2015-3052, which was special in that it provided the attacker with an extremely powerful primitive arbitrary...
Microsoft windows DirectWrite Library OpenType Font Handling Sensitive Information Disclosure Vulnerability
Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows DirectWrite, which allows remote attackers to exploit the vulnerability by failing to properly handle OpenType fonts, allowing them to construct malicious font files that can be parsed by users a...
CVE-2015-1671
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...
CVE-2015-1670
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."...
Spoofing
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...
CVE-2015-1671
Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...
CVE-2015-1670
CVE-2015-1670 is a memory-disclosure vulnerability in the Windows DirectWrite/OPENType pipeline (DirectWrite, and also affecting WPF). The root cause is uninitialized transient memory in the Charstring/interpreter path used by OpenType fonts, which allows leaking 1024 bits (32 entries of 32 bits)...
CVE-2015-1671
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...
MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
The remote Windows host is affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to improper handling of OpenType fonts by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website...
CVE-2015-1671
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...
Microsoft Silverlight < 5.1.40416.00 Multiple Vulnerabilities (MS15-044 / MS15-049) (Mac OS X)
The version of Microsoft Silverlight installed on the remote host is affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to improper handling of OpenType fonts by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincin...
Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 37 to the stable channel for Windows, Mac and Linux. Chrome 37.0.2062.94 contains a number of fixes and improvements, including: - DirectWrite support on Windows for improved font rendering - A number of new apps/extension APIs -...
Mozilla Thunderbird Multiple Vulnerabilities-01 (Aug 2014) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities
The version of Thunderbird 24.x installed on the remote host is a version prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs...
Firefox < 31.0 Multiple Vulnerabilities
The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...
Mozilla Thunderbird < 31.0 Multiple Vulnerabilities
The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which...