CVE-2015-6107

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to Windows 10 1511 Microsoft Office versions prior to Office 2010 SP2 Skype for Business 2016 and earlier Lync 2013 SP1 and earlier Live Meeting 2007 Console and later versions are not specified Windows Font Library (affected versions not specified)

Description The issue is caused by a buffer overflow in the Windows font library. Exploitation of this issue may allow a remote attacker to execute arbitrary code using a specially crafted embedded font. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows versions prior to Windows 10 1511, update to a newer version to mitigate the risk. For Microsoft Office versions prior to Office 2010 SP2, update to a newer version to mitigate the risk. For Skype for Business 2016 and earlier, consider disabling the use of embedded fonts until a patch is available. For Lync 2013 SP1 and earlier, consider restricting access to specially crafted embedded fonts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Live Meeting 2007 Console.