Vulnerability Change Records for CVE-2015-2455

Change History

CVE Modified by Microsoft Corporation 11/28/2016 2:19:58 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/76216 [No Types Assigned]

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:essentials:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*

CVE Modified by Microsoft Corporation 10/12/2018 6:9:38 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080 [No Types Assigned]
Removed Reference
http://technet.microsoft.com/security/bulletin/MS15-080 [Patch, Vendor Advisory]

								
						

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x64:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x64:*

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:datacenter:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*

Modified Analysis 8/18/2015 1:42:30 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
          *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
          *cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x64:*
          *cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x86:*
          *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x64:*
          *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x86:*
          *cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:datacenter:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:essentials:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:standard:*:*:*
          *cpe:2.3:o:microsoft:windows_rt:-:gold:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*
          *cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*
          *cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:x86:*
          *cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:x64:*
          *cpe:2.3:a:microsoft:lync:2010:*:*:*:attendee:*:*:*
          *cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:x64:*
          *cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:x86:*
          *cpe:2.3:a:microsoft:lync_basic:2013:sp1:*:*:*:*:x64:*
          *cpe:2.3:a:microsoft:lync_basic:2013:sp1:*:*:*:*:x86:*
          *cpe:2.3:a:microsoft:silverlight:5.1.40416.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:.net_framework:4.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
          *cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
Added CVSS V2

								
							
							
						
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Added CWE

								
							
							
						
CWE-20
Changed Reference Type
http://technet.microsoft.com/security/bulletin/MS15-080 No Types Assigned
http://technet.microsoft.com/security/bulletin/MS15-080 Advisory, Patch

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x86:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x86:*

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:standard:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*

CVE Modified by Microsoft Corporation 9/16/2017 9:29:01 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.exploit-db.com/exploits/37919/ [No Types Assigned]

Initial CVE Analysis 8/18/2015 12:8:19 PM

Action Type Old Value New Value

CVE Translated 8/26/2015 10:45:03 PM

Action Type Old Value New Value
Added Translation

								
							
							
						
Vulnerabilidad en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1, Windows 10, Office 2007 SP3 y 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight en versiones anteriores a 5.1.40728 y .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6, permite a atacantes remotos ejecutar código arbitrario a través de fuente TrueType manipulada, también conocida como "TrueType Font Parsing Vulnerability", una vulnerabilidad diferente a CVE-2015-2456.
Removed Translation
Vulnerabilidad en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1, Windows 10, Office 2007 SP3 y 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight en versiones anteriores a 5.1.40728 y .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6, permite a atacantes remotos ejecutar código arbitrario a través de fuente TrueType manipulada, también conocida como "TrueType Font Parsing Vulnerability", una vulnerabilidad diferente de la CVE-2015-2456.

								
						

CVE Modified by Microsoft Corporation 9/20/2017 9:29:05 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1033238 [No Types Assigned]