PT-2016-2581 · Microsoft · Office+5

Published: 2016-08-09 · Updated: 2018-10-12 · CVE-2016-3304

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version
Microsoft Office versions prior to the fixed version
Word Viewer version not specified
Skype for Business version not specified
Live Meeting version not specified
Microsoft Lync versions prior to the fixed version

Description

The issue exists due to insufficient input validation in the Windows font library. This allows a remote attacker to execute arbitrary code using a specially crafted embedded font. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Microsoft Windows, update to the latest version to resolve the issue. For Microsoft Office, update to the latest version to resolve the issue. For Word Viewer, Skype for Business, Live Meeting, and Microsoft Lync, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of embedded fonts in these applications to minimize the risk of exploitation.

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2016-01973
CVE-2016-3304

Affected Products

Live Meeting
Lync
Office
Skype For Business
Windows
Word Viewer