CVE-2015-1670

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 3.0 SP2 through 4.5.2

Description An information disclosure issue exists in Microsoft Windows due to the improper handling of OpenType fonts by the Windows DirectWrite library. This allows an attacker to potentially read data that was not intended to be disclosed. The issue does not permit an attacker to execute code or directly elevate their user rights but could be used to obtain information that might be used to further compromise the affected system.

Recommendations For Microsoft .NET Framework versions 3.0 SP2 through 4.5.2, consider restricting access to OpenType fonts until a patch is available. As a temporary workaround, consider disabling the use of OpenType fonts in the Windows DirectWrite library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.