43 matches found
CVE-2013-3906
CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...
CVE-2015-1671
Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...
CVE-2020-1025
CVE-2020-1025 affects Microsoft SharePoint Server and Skype for Business Server. The vulnerability is an elevation of privilege caused by improper OAuth token validation, enabling an attacker to bypass authentication by modifying the token. The published fixes modify how tokens are validated to a...
CVE-2019-1084
CVE-2019-1084 affects Microsoft Exchange (display name creation with non-printable characters) leading to information disclosure. Root cause: display names with invalid characters bypass visibility controls and can be added to conversations; impact is partial confidentiality exposure per CVSS dat...
CVE-2016-7182
CVE-2016-7182 is a TrueType font parsing elevation of privilege vulnerability in the Windows Graphics component. The flaw affects multiple Windows OS versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7/8.1/10, Windows Server 2012 R2, Windows RT 8.1, Office 2007/2010, Word Viewer, Skype for Bu...
CVE-2015-6108
CVE-2015-6108 affects the Windows font library across multiple Windows OS versions (Vista through Windows 8.1/Server 2012) and related Microsoft products, where a crafted embedded font can trigger remote code execution. The vulnerability is described as a memory corruption issue in handling embed...
CVE-2012-1858
CVE-2012-1858 concerns the toStaticHTML (SafeHTML) sanitization function used in Internet Explorer 8/9, SharePoint, and Lync/Communicator. The vulnerability arises because the HTML sanitization logic can be bypassed via crafted HTML/CSS, enabling cross-site scripting (XSS) or information disclosu...
CVE-2017-0108
CVE-2017-0108 is a remote-code-execution vulnerability in the Windows Graphics Component, exploited via untrusted fonts processed by Uniscribe (usp10.dll) and exposed through graphics-related API calls invoked by user32/draw text paths. Google Project Zero’s Uniscribe fuzzing identified 8 high‑se...
CVE-2017-0283
CVE-2017-0283 is described in the connected MSKB as a remote code execution vulnerability in Microsoft Office components that could be triggered by opening a specially crafted Office file. The MSKB describes a security update KB3191937 for Skype for Business 2015 (Lync 2013) that addresses CVE-20...
CVE-2017-8527
Technical details for CVE-2017-8527 are not publicly available in the provided documents. No specifics on affected products, vulnerable components, root cause, exploits, or fixes are included here. Monitor for updates from official advisories.
CVE-2017-8695
CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...
CVE-2012-1849
CVE-2012-1849 is an untrusted search path DLL loading vulnerability in Microsoft Lync 2010 and related components (Attendee/Attendant). The root cause is loading of a Trojan horse DLL from the current working directory, demonstrated with a .ocsmeet file, enabling local privilege elevation. Affect...
CVE-2017-0073
Technical details for CVE-2017-0073 are not publicly available in the provided connected documents. The records summarize the vulnerability, but no product/version specifics or exploit information are shown. Monitor for updates from official sources.
CVE-2016-0145
CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...
CVE-2017-0060
The CVE-2017-0060/0062 issue affects the Graphics Device Interface (GDI) in multiple Windows releases (Vista through Windows 10 variants listed in the initial entry). The vulnerability enables a remote attacker to obtain sensitive information from process memory by visiting a crafted web site, i....
CVE-2018-8238
Summary of CVE-2018-8238 (Skype for Business/Lync Security Feature Bypass): The issue arises when Skype for Business or Lync fails to properly parse UNC path links shared via messages, enabling a security feature bypass. An attacker could exploit this by persuading a logged-in user to click a cra...
CVE-2016-3304
CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...
CVE-2015-2464
CVE-2015-2463 and CVE-2015-2464 describe a TrueType font parsing vulnerability that allows remote code execution. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Office 2007 SP3 and 2010 SP2, L...
CVE-2016-3301
CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...
CVE-2017-8676
CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...
CVE-2016-3209
CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...
CVE-2013-1302
The CVE-2013-1302 issue affects Microsoft Lync-related clients and servers (Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, Lync Server 2013). It is a use-after-free in which Lync components fail to handle memory objects that have been deleted, enabling remote code execution when a user is i...
CVE-2017-8696
CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2016-3303
CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause: improper handling of construct...
CVE-2015-2463
CVE-2015-2463/2464 describe a TrueType font parsing vulnerability affecting multiple Windows variants (Vista SP2, 7 SP1, 8/8.1, Server 2008/2012, RT, Office 2007/2010, Silverlight, .NET Framework). The issue allows remote code execution via a crafted TrueType font, caused by a parsing flaw in the...
CVE-2016-3396
CVE-2016-3396 is a GDI+ remote code execution vulnerability in the Graphics Device Interface (GDI) that allows a remote attacker to execute arbitrary code via a crafted embedded font. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R...
CVE-2015-2435
CVE-2015-2435 is a TrueType font parsing vulnerability impacting Microsoft Windows (multiple editions listed) and related components (e.g., Silverlight, Office) that allows remote code execution via a crafted font. The issue is documented with a CVSS v2 base score of 9.3 (high) and network attack...
CVE-2015-2455
CVE-2015-2455 (TrueType Font Parsing Vulnerability) is a Windows font-processing defect discovered via Project Zero fuzzing of the Windows kernel font stack (win32k.sys and ATMFD.DLL) affecting TrueType fonts and related SFNT tables. The Google Project Zero report outlines that incorrect handling...
CVE-2015-2456
Summary from Project Zero (2016): Windows kernel font handling (TTF/OTF) contained multiple vulnerabilities discovered via fuzzing (ATMFD.DLL, win32k.sys) with several CVEs (notably CVE-2015-2455 and CVE-2015-2456). Root cause highlighted: the IUP instruction handler in win32k!itrp_IUP failed to...
CVE-2018-8546
CVE-2018-8546 is a denial-of-service vulnerability in Skype for Business (also affecting Lync) caused by improper handling of emojis. An attacker could trigger a DoS by sending a sequence of emojis, causing the target service to stop responding. Microsoft’s MSRC advisory notes the fix addresses e...
CVE-2013-3129
CVE-2013-3129 concerns a TrueType Font (TTF) parsing vulnerability that allows remote code execution. Affected products include Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5; Silverlight 5 prior to 5.1.20513.0; and GDI+, DirectWrite, Journal in various Windows versions (XP through Windows ...
CVE-2015-2431
CVE-2015-2431 is a remote code execution vulnerability in Microsoft Office Graphics Library (OGL) fonts. Affected products include Office 2007 SP3, Office 2010 SP2, Live Meeting 2007 Console, Lync 2010/Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1. The underlying issue is with OGL font handlin...
CVE-2016-3263
CVE-2016-3263 concerns a GDI+/Graphics Device Interface information-disclosure issue across multiple Windows platforms (Vista SP2 through Windows 10 1607, Windows Server equivalents) that allows remote attackers to bypass ASLR via unspecified vectors. Affected components are GDI/GDI+ in Windows a...
CVE-2018-8311
CVE-2018-8311 is a remote code execution vulnerability in Skype for Business and Lync caused by improper sanitization of crafted content. The issue could allow code execution in the context of the logged-in user, via remote, user-initiated action (e.g., viewing crafted content or links). Affected...
CVE-2015-6107
CVE-2015-6107 concerns a remote-code-execution vulnerability in the Windows font library. The issue arises when parsing specially crafted embedded fonts, enabling arbitrary code execution on affected systems. Public references indicate this affects a broad set of Windows versions (Vista through W...
CVE-2019-1209
CVE-2019-1209 affects Microsoft Lync 2013/Lync Server 2013. The Red Hat and Microsoft advisories describe an information-disclosure vulnerability in which an attacker could read arbitrary files on a victim’s machine by manipulating conference-related content and links. The in-the-wild risk is tie...
CVE-2015-2510
CVE-2015-2510 is a buffer overflow vulnerability in the Adobe Type Manager Library used by multiple Windows components (Vista SP2, Server 2008 SP2, Office 2007 SP3/2010 SP2, Lync and Live Meeting suites). The issue arises when processing crafted OpenType fonts, allowing remote code execution with...
CVE-2017-11786
CVE-2017-11786 affects Microsoft Lync 2013 SP1 and Skype for Business 2016. Root cause: improper handling of authentication requests, enabling an attacker to steal an authentication hash and reuse it elsewhere. Impact: privilege escalation and potential unauthorized actions by the attacker using ...
CVE-2016-3262
CVE-2016-3262 and CVE-2016-3263 describe a Graphics Device Interface (GDI+/GDI) information-disclosure problem in multiple Windows versions. The description specifies that remote attackers can bypass ASLR through unspecified vectors. Affected products include Windows Vista SP2, Windows Server 200...
CVE-2012-2520
CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...
CVE-2015-6061
CVE-2015-6061 is an XSS/info-disclosure flaw in Microsoft Skype for Business 2016, Lync 2010/2013 SP1, Lync 2010 Attendee, and Lync Room System caused by improper sanitization of instant-message content. A remote attacker can inject arbitrary web script/HTML via an IM session, potentially leaking...
CVE-2015-6106
CVE-2015-6106 affects the Windows font library across multiple Windows/Vista/Server and Office/Skype/Lync versions. The vulnerability is a memory corruption issue triggered by specially crafted embedded fonts, enabling remote code execution with the attacker-controlled font data. Connected source...