CVE-2015-2431

2015-08-1500:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-2431

microsoft office

live meeting

lync

remote code execution

security vulnerability

nvd

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.621 Medium

EPSS

Percentile

97.8%

JSON

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka “Microsoft Office Graphics Component Remote Code Execution Vulnerability.”

CPENameOperatorVersion
microsoft:live_meetingmicrosoft live meetingeq2007
microsoft:lync_basicmicrosoft lync basiceq2013
microsoft:officemicrosoft officeeq2010
microsoft:lyncmicrosoft lynceq2010

CPE	Name	Operator	Version
microsoft:live_meeting	microsoft live meeting	eq	2007
microsoft:lync_basic	microsoft lync basic	eq	2013
microsoft:office	microsoft office	eq	2010
microsoft:lync	microsoft lync	eq	2010