Kaspersky LabKLA10718KLA10718 Code execution vulnerabilities in Microsoft Graphics Component
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.2%
Improper fonts handling was found in Microsoft Graphics Component used in Multiple Microsoft products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed content.
Original advisories
Related products
Microsoft-Office-Live-Meeting-2007
CVE list
CVE-2015-6108 critical
CVE-2015-6107 critical
CVE-2015-6106 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Microsoft Windows Vista Service Pack 2Microsoft Windows Server 2008 Service Pack 2Microsoft Windows 7 Service Pack 1Microsoft Windows Server 2008 R2 Service Pack 1Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows RTMicrosoft Windows RT 8.1Microsoft Windows 10Microsoft Windows 10 version 1511Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Service Pack 2Microsoft Word ViewerMicrosoft .NET Framework versions 3.0 SP2, 4, 4.5, 4.5.1, 4.5.2, 4.6Microsoft Skype for Business 2016Microsoft Lync 2013 Service Pack 1Microsoft Lync 2010Microsoft Live Meeting 2007 ConsoleMicrosoft Silverlight 5
References
support.microsoft.com/kb/3085612
support.microsoft.com/kb/3085616
support.microsoft.com/kb/3099860
support.microsoft.com/kb/3099862
support.microsoft.com/kb/3099863
support.microsoft.com/kb/3099864
support.microsoft.com/kb/3099866
support.microsoft.com/kb/3099869
support.microsoft.com/kb/3099874
support.microsoft.com/kb/3104503
support.microsoft.com/kb/3106614
support.microsoft.com/kb/3109094
support.microsoft.com/kb/3114351
support.microsoft.com/kb/3114372
support.microsoft.com/kb/3114478
support.microsoft.com/kb/3115870
support.microsoft.com/kb/3115871
support.microsoft.com/kb/3115872
support.microsoft.com/kb/3115873
support.microsoft.com/kb/3115875
support.microsoft.com/kb/3116869
support.microsoft.com/kb/3116900
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6106
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6107
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6108
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Lync/
threats.kaspersky.com/en/product/Microsoft-Office-Live-Meeting-2007/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Silverlight/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Skype-for-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.2%