327 matches found

Zero Day Initiative
added 2019/06/20 12:0 a.m., 40 views

Microsoft Windows DirectWrite Integer Overflow Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3, AI score 6.3, EPSS 0.07802
Exploits 0, References 1

Zero Day Initiative
added 2019/06/11 12:0 a.m., 29 views

Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3, AI score 2.6, EPSS 0.04314
Exploits 0, References 1

Microsoft KB
added 2017/01/07 12:0 a.m., 11 views

MS12-019: Vulnerability in DirectWrite could allow denial of service: March 13, 2012

INTRODUCTION: Microsoft has released security bulletin MS12-019. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

AI score 6.4
Exploits 0

Microsoft KB
added 2017/01/07 12:0 a.m., 20 views

MS12-034: Description of the security update for DirectWrite in Windows: May 8, 2012

INTRODUCTION: Microsoft has released security bulletin MS12-034. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

AI score 6.5
Exploits 0

BDU FSTEC
added 2016/07/06 12:0 a.m., 4 views

A vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality, integrity, and availability of protected information.

A use-after-free in FontTableRec in Mozilla Firefox ESR allows remote attackers to execute arbitrary code through improper use of fonts contained in MathML, resulting in incorrect processing of the DirectWrite font object...

CVSS 10, AI score 6.7, EPSS 0.04682
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2015/12/29 12:0 a.m., 4 views

A vulnerability in the Firefox browser that allows an attacker to cause a denial of service or other effects

The vulnerability in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in the Firefox browser is caused by a buffer overflow. Exploiting this vulnerability could allow a malicious actor to cause a denial of service or potentially have other unspecified effects throu...

CVSS 10, AI score 7.5, EPSS 0.04318
Exploits 0, References 4, Affected Software 1

OSV
added 2015/12/15 12:0 a.m., 1 views

UBUNTU-CVE-2015-7203

Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name...

CVSS 10, AI score 7, EPSS 0.04318
Exploits 0, References 4

GoogleProjectZero
added 2015/09/14 12:0 a.m., 62 views

Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure

Posted by Mateusz Jurczyk of Google Project Zero. In the previous series of posts (parts 1, 2, 3, 4), we discussed the exploitation process of a serious “blend” vulnerability (CVE-2015-0093 / CVE-2015-3052), which was special in that it provided the attacker with an extremely powerful primitive arbitrary...

CVSS 10, AI score 8, EPSS 0.2121
Exploits 0

CNVD
added 2015/05/14 12:0 a.m., 2 views

Microsoft Windows DirectWrite Library OpenType Font Handling Sensitive Information Disclosure Vulnerability

Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows DirectWrite because it fails to properly handle OpenType fonts, allowing remote attackers to construct malicious font files that can be parsed by users a...

CVSS 4.3, AI score 6.7, EPSS 0.16091
Exploits 0, References 1

NVD
added 2015/05/13 10:59 a.m., 22 views

CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...

CVSS 9.3, AI score 7.3, EPSS 0.54628
Exploits 0, References 4

NVD
added 2015/05/13 10:59 a.m., 20 views

CVE-2015-1670

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."...

CVSS 4.3, AI score 5.8, EPSS 0.16091
Exploits 0, References 3

Prion
added 2015/05/13 10:59 a.m., 23 views

Spoofing

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...

CVSS 9.3, AI score 7.9, EPSS 0.54628
Exploits 0, References 3, Affected Software 5

CVE
added 2015/05/13 10:0 a.m., 1086 views

CVE-2015-1671

Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...

CVSS 9.3, AI score 7.3, EPSS 0.54628
In wild, Exploits 0, References 4, Affected Software 1

CVE
added 2015/05/13 10:0 a.m., 106 views

CVE-2015-1670

CVE-2015-1670 is a memory-disclosure vulnerability in the Windows DirectWrite/OpenType pipeline (DirectWrite, and also affecting WPF). The root cause is uninitialized transient memory in the Charstring/interpreter path used by OpenType fonts, which allows leaking 1024 bits (32 entries of 32 bits)...

CVSS 4.3, AI score 5.8, EPSS 0.16091
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2015/05/13 10:0 a.m., 3 views

CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...

AI score 7.7, EPSS 0.54628
Exploits 0, References 3

ATTACKERKB
added 2015/05/13 12:0 a.m., 35 views

CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...

CVSS 9.3, AI score 7.6, EPSS 0.54628
In wild, Exploits 0, References 4

Tenable Nessus
added 2015/05/13 12:0 a.m., 227 views

MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)

The remote Windows host is affected by multiple vulnerabilities: - An information disclosure vulnerability exists due to improper handling of OpenType fonts by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website...

CVSS 9.3, AI score 6.6, EPSS 0.54628
Exploits 0, References 3

Tenable Nessus
added 2015/05/12 12:0 a.m., 54 views

Microsoft Silverlight < 5.1.40416.00 Multiple Vulnerabilities (MS15-044 / MS15-049) (Mac OS X)

The version of Microsoft Silverlight installed on the remote host is affected by multiple vulnerabilities: - An information disclosure vulnerability exists due to improper handling of OpenType fonts by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincin...

CVSS 9.3, AI score 6.8, EPSS 0.54628
Exploits 0, References 5

Google Chrome Security Advisories
added 2014/08/26 12:0 a.m., 49 views

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 37 to the stable channel for Windows, Mac and Linux. Chrome 37.0.2062.94 contains a number of fixes and improvements, including: - DirectWrite support on Windows for improved font rendering - A number of new apps/extension APIs -...

CVSS 10, AI score 9.9, EPSS 0.09758
Exploits 0, Affected Software 1

OpenVAS
added 2014/08/07 12:0 a.m., 23 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Aug 2014) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 10, AI score 9.6, EPSS 0.06109
Exploits 0, References 15