KLA10718Code execution vulnerabilities in Microsoft Graphics Component

2015-12-08T00:00:00
ID KLA10718
Type kaspersky
Reporter Kaspersky Lab
Modified 2018-12-04T00:00:00

Description

CVSS:

9.3

Detect date:

12/08/2015

Severity:

High

Description:

Improper fonts handling was found in Microsoft Graphics Component used in Multiple Microsoft products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed content.

Affected products:

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows 10 version 1511
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Word Viewer
Microsoft .NET Framework versions 3.0 SP2, 4, 4.5, 4.5.1, 4.5.2, 4.6
Microsoft Skype for Business 2016
Microsoft Lync 2013 Service Pack 1
Microsoft Lync 2010
Microsoft Live Meeting 2007 Console
Microsoft Silverlight 5

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2015-6108
CVE-2015-6107
CVE-2015-6106

Impacts:

ACE

Related products:

Microsoft Silverlight

CVE-IDS:

CVE-2015-6108
CVE-2015-6107
CVE-2015-6106

Microsoft official advisories:

KB list:

3109094
3116900
3116869
3106614
3114478
3114372
3085616
3114351
3085612
3099863
3099862
3099860
3099866
3099864
3099869
3115873
3115872
3115871
3115870
3115875
3104503
3099874