PT-2015-2953 · Microsoft · Windows 7+3
Published: 2015-12-08 · Updated: 2018-10-12 · CVE-2015-6130
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to the fixed version
Description
The issue is caused by an integer underflow in Uniscribe, allowing remote attackers to execute arbitrary code via a crafted font. A remote code execution vulnerability exists when Windows Uniscribe improperly parses specially crafted fonts. An attacker who successfully exploited the issue could install programs, view, change, or delete data, or create new accounts with full user rights.
Recommendations
For Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1, update to a version that includes the fix for the integer underflow in Uniscribe.
For other affected versions of Microsoft Windows, apply the necessary patch or update to resolve the remote code execution vulnerability.
As a temporary workaround, consider restricting the use of specially crafted fonts to minimize the risk of exploitation.
Exploit
Fix
RCE
Integer Underflow
Related identifiers
Affected products
Uniscribe
Windows
Windows 7
Windows Server 2008 R2