Lucene search
K
MicrosoftLive Meeting

25 matches found

CVE
CVE
added 2015/05/13 10:0 a.m.1089 views

CVE-2015-1671

Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...

9.3CVSS7.3AI score0.54628EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.222 views

CVE-2016-7182

CVE-2016-7182 is a true‑type font parsing elevation of privilege vulnerability in the Windows Graphics component. The flaw affects multiple Windows OS versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7/8.1/10, Windows Server 2012 R2, Windows RT 8.1, Office 2007/2010, Word Viewer, Skype for Bu...

10CVSS8.7AI score0.30323EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.209 views

CVE-2015-6108

CVE-2015-6108 affects the Windows font library across multiple Windows OS versions (Vista through Windows 8.1/Server 2012) and related Microsoft products, where a crafted embedded font can trigger remote code execution. The vulnerability is described as a memory corruption issue in handling embed...

9.3CVSS7.4AI score0.25998EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.165 views

CVE-2017-0108

CVE-2017-0108 is a remote-code-execution vulnerability in the Windows Graphics Component, exploited via untrusted fonts processed by Uniscribe (usp10.dll) and exposed through graphics-related API calls invoked by user32/draw text paths. Google Project Zero’s Uniscribe fuzzing identified 8 high‑se...

9.3CVSS7AI score0.5047EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.156 views

CVE-2017-8695

CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...

5.3CVSS6AI score0.09643EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.141 views

CVE-2017-0073

Technical details for CVE-2017-0073 are not publicly available in the provided connected documents. The records summarize the vulnerability, but no product/version specifics or exploit information are shown. Monitor for updates from official sources.

4.3CVSS4.3AI score0.33359EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.140 views

CVE-2016-0145

CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...

9.3CVSS7.7AI score0.43272EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.140 views

CVE-2017-0060

The CVE-2017-0060/0062 issue affects the Graphics Device Interface (GDI) in multiple Windows releases (Vista through Windows 10 variants listed in the initial entry). The vulnerability enables a remote attacker to obtain sensitive information from process memory by visiting a crafted web site, i....

5.5CVSS4.3AI score0.15939EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.135 views

CVE-2016-3304

CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.134 views

CVE-2015-2464

CVE-2015-2463 and CVE-2015-2464 describe a TrueType font parsing vulnerability that allows remote code execution. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Office 2007 SP3 and 2010 SP2, L...

9.3CVSS7.3AI score0.35562EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.130 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.128 views

CVE-2017-8676

CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...

3.3CVSS4.9AI score0.1404EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.127 views

CVE-2016-3209

CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...

5.5CVSS6AI score0.53653EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.119 views

CVE-2017-8696

CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...

7.6CVSS7AI score0.14264EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.113 views

CVE-2016-3303

CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.107 views

CVE-2015-2463

CVE-2015-2463/2464 describe a TrueType font parsing vulnerability affecting multiple Windows variants (Vista SP2, 7 SP1, 8/8.1, Server 2008/2012, RT, Office 2007/2010, Silverlight, .NET Framework). The issue allows remote code execution via a crafted TrueType font, caused by a parsing flaw in the...

9.3CVSS7.3AI score0.34475EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.106 views

CVE-2016-3396

CVE-2016-3396 is a GDI+ remote code execution in Graphics Device Interface (GDI) that allows a remote attacker to execute arbitrary code via a crafted embedded font. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R...

9.3CVSS8.9AI score0.24376EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.104 views

CVE-2015-2435

CVE-2015-2435 is a TrueType font parsing vulnerability impacting Microsoft Windows (multiple editions listed) and related components (e.g., Silverlight, Office) that allows remote code execution via a crafted font. The issue is documented with a CVSS v2 base score of 9.3 (high) and network attack...

9.3CVSS7.4AI score0.2187EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.103 views

CVE-2015-2455

CVE-2015-2455 (TrueType Font Parsing Vulnerability) is a Windows font-processing defect discovered via Project Zero fuzzing of the Windows kernel font stack (win32k.sys and ATMFD.DLL) affecting TrueType fonts and related SFNT tables. The Google Project Zero report outlines that incorrect handling...

9.3CVSS7.3AI score0.37429EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.102 views

CVE-2015-2456

Summary from Project Zero (2016) : Windows kernel font handling (TTF/OTF) contained multiple vulnerabilities discovered via fuzzing (ATMFD.DLL, win32k.sys) with several CVEs (notably CVE-2015-2455 and CVE-2015-2456). Root cause highlighted: the IUP instruction handler in win32k!itrp_IUP failed to...

9.3CVSS7.3AI score0.35562EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.98 views

CVE-2016-3263

CVE-2016-3263 concerns a GDI+/Graphics Device Interface information-disclosure issue across multiple Windows platforms (Vista SP2 through Windows 10 1607, Windows Server equivalents) that allows remote attackers to bypass ASLR via unspecified vectors. Affected components are GDI/GDI+ in Windows a...

5.5CVSS6AI score0.31976EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.97 views

CVE-2015-2431

CVE-2015-2431 is a remote code execution vulnerability in Microsoft Office Graphics Library (OGL) fonts. Affected products include Office 2007 SP3, Office 2010 SP2, Live Meeting 2007 Console, Lync 2010/Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1. The underlying issue is with OGL font handlin...

9.3CVSS8AI score0.29843EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.97 views

CVE-2015-6107

CVE-2015-6107 concerns a remote-code-execution vulnerability in the Windows font library. The issue arises when parsing specially crafted embedded fonts, enabling arbitrary code execution on affected systems. Public references indicate this affects a broad set of Windows versions (Vista through W...

9.3CVSS7.5AI score0.18247EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.87 views

CVE-2016-3262

CVE-2016-3262 and CVE-2016-3263 describe a Graphics Device Interface (GDI+/GDI) information-disclosure problem in multiple Windows versions. The description specifies that remote attackers can bypass ASLR through unspecified vectors. Affected products include Windows Vista SP2, Windows Server 200...

5.5CVSS6AI score0.31976EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.74 views

CVE-2015-6106

CVE-2015-6106 affects the Windows font library across multiple Windows/Vista/Server and Office/Skype/Lync versions. The vulnerability is a memory corruption issue triggered by specially crafted embedded fonts, enabling remote code execution with the attacker-controlled font data. Connected source...

9.3CVSS7.5AI score0.17321EPSS