Lucene search

[email protected]NVD:CVE-2015-6107

HistoryDec 09, 2015 - 11:59 a.m.

CVE-2015-6107

2015-12-0911:59:04

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.939

Percentile

99.2%

JSON

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Graphics Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftlive_meetingMatch2007

microsoftlyncMatch2010

microsoftlyncMatch2013sp1

microsoftofficeMatch2007sp3

microsoftofficeMatch2010sp2

microsoftskype_for_businessMatch2016

microsoftword_viewerMatch-

Node

microsoftwindows_10Match-

microsoftwindows_10Match1511

microsoftwindows_7Match-sp1

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_rtMatch-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1itanium

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_vistaMatch-sp2

VendorProductVersionCPE
microsoftlive_meeting2007cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*
microsoftlync2013cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftskype_for_business2016cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
microsoftword_viewer-cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_101511cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	live_meeting	2007	cpe:2.3:a:microsoft:live_meeting:2007:::::::*
microsoft	lync	2010	cpe:2.3:a:microsoft:lync:2010:::::::*
microsoft	lync	2013	cpe:2.3:a:microsoft:lync:2013:sp1::::::
microsoft	office	2007	cpe:2.3:a:microsoft:office:2007:sp3::::::
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::
microsoft	skype_for_business	2016	cpe:2.3:a:microsoft:skype_for_business:2016:::::::*
microsoft	word_viewer	-	cpe:2.3:a:microsoft:word_viewer:-:::::::*
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_10	1511	cpe:2.3:o:microsoft:windows_10:1511:::::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:sp1::::::