25 matches found
CVE-2015-1671
Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...
CVE-2016-7182
CVE-2016-7182 is a true‑type font parsing elevation of privilege vulnerability in the Windows Graphics component. The flaw affects multiple Windows OS versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7/8.1/10, Windows Server 2012 R2, Windows RT 8.1, Office 2007/2010, Word Viewer, Skype for Bu...
CVE-2015-6108
CVE-2015-6108 affects the Windows font library across multiple Windows OS versions (Vista through Windows 8.1/Server 2012) and related Microsoft products, where a crafted embedded font can trigger remote code execution. The vulnerability is described as a memory corruption issue in handling embed...
CVE-2017-0108
CVE-2017-0108 is a remote-code-execution vulnerability in the Windows Graphics Component, exploited via untrusted fonts processed by Uniscribe (usp10.dll) and exposed through graphics-related API calls invoked by user32/draw text paths. Google Project Zero’s Uniscribe fuzzing identified 8 high‑se...
CVE-2017-8695
CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...
CVE-2017-0073
Technical details for CVE-2017-0073 are not publicly available in the provided connected documents. The records summarize the vulnerability, but no product/version specifics or exploit information are shown. Monitor for updates from official sources.
CVE-2016-0145
CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...
CVE-2017-0060
The CVE-2017-0060/0062 issue affects the Graphics Device Interface (GDI) in multiple Windows releases (Vista through Windows 10 variants listed in the initial entry). The vulnerability enables a remote attacker to obtain sensitive information from process memory by visiting a crafted web site, i....
CVE-2016-3304
CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...
CVE-2015-2464
CVE-2015-2463 and CVE-2015-2464 describe a TrueType font parsing vulnerability that allows remote code execution. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Office 2007 SP3 and 2010 SP2, L...
CVE-2016-3301
CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...
CVE-2017-8676
CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...
CVE-2016-3209
CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...
CVE-2017-8696
CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...
CVE-2016-3303
CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...
CVE-2015-2463
CVE-2015-2463/2464 describe a TrueType font parsing vulnerability affecting multiple Windows variants (Vista SP2, 7 SP1, 8/8.1, Server 2008/2012, RT, Office 2007/2010, Silverlight, .NET Framework). The issue allows remote code execution via a crafted TrueType font, caused by a parsing flaw in the...
CVE-2016-3396
CVE-2016-3396 is a GDI+ remote code execution in Graphics Device Interface (GDI) that allows a remote attacker to execute arbitrary code via a crafted embedded font. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R...
CVE-2015-2435
CVE-2015-2435 is a TrueType font parsing vulnerability impacting Microsoft Windows (multiple editions listed) and related components (e.g., Silverlight, Office) that allows remote code execution via a crafted font. The issue is documented with a CVSS v2 base score of 9.3 (high) and network attack...
CVE-2015-2455
CVE-2015-2455 (TrueType Font Parsing Vulnerability) is a Windows font-processing defect discovered via Project Zero fuzzing of the Windows kernel font stack (win32k.sys and ATMFD.DLL) affecting TrueType fonts and related SFNT tables. The Google Project Zero report outlines that incorrect handling...
CVE-2015-2456
Summary from Project Zero (2016) : Windows kernel font handling (TTF/OTF) contained multiple vulnerabilities discovered via fuzzing (ATMFD.DLL, win32k.sys) with several CVEs (notably CVE-2015-2455 and CVE-2015-2456). Root cause highlighted: the IUP instruction handler in win32k!itrp_IUP failed to...
CVE-2016-3263
CVE-2016-3263 concerns a GDI+/Graphics Device Interface information-disclosure issue across multiple Windows platforms (Vista SP2 through Windows 10 1607, Windows Server equivalents) that allows remote attackers to bypass ASLR via unspecified vectors. Affected components are GDI/GDI+ in Windows a...
CVE-2015-2431
CVE-2015-2431 is a remote code execution vulnerability in Microsoft Office Graphics Library (OGL) fonts. Affected products include Office 2007 SP3, Office 2010 SP2, Live Meeting 2007 Console, Lync 2010/Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1. The underlying issue is with OGL font handlin...
CVE-2015-6107
CVE-2015-6107 concerns a remote-code-execution vulnerability in the Windows font library. The issue arises when parsing specially crafted embedded fonts, enabling arbitrary code execution on affected systems. Public references indicate this affects a broad set of Windows versions (Vista through W...
CVE-2016-3262
CVE-2016-3262 and CVE-2016-3263 describe a Graphics Device Interface (GDI+/GDI) information-disclosure problem in multiple Windows versions. The description specifies that remote attackers can bypass ASLR through unspecified vectors. Affected products include Windows Vista SP2, Windows Server 200...
CVE-2015-6106
CVE-2015-6106 affects the Windows font library across multiple Windows/Vista/Server and Office/Skype/Lync versions. The vulnerability is a memory corruption issue triggered by specially crafted embedded fonts, enabling remote code execution with the attacker-controlled font data. Connected source...