PT-2016-2582 · Microsoft · Office +5

Published: 2016-08-09 · Updated: 2018-10-12 · CVE-2016-3303

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to Windows Vista SP2
Microsoft Office versions prior to Office 2007 SP3
Microsoft Office versions prior to Office 2010 SP2
Word Viewer (affected versions not specified)
Skype for Business versions prior to 2016
Lync versions prior to 2013 SP1
Lync 2010 (affected versions not specified)
Live Meeting 2007 Console (affected versions not specified)

Description

The issue exists due to insufficient input validation in the Windows font library. A remote attacker can execute arbitrary code by delivering a specially crafted embedded font. Successful exploitation gives the attacker control of the affected system: installing programs; viewing, changing, or deleting data; or creating new accounts with full user rights. Users whose accounts have fewer rights on the system may be less impacted than those operating with administrative user rights.

Recommendations

Microsoft Windows versions prior to Windows Vista SP2: update to a newer version to mitigate the risk.
Microsoft Office versions prior to Office 2007 SP3: update to a newer version to mitigate the risk.
Microsoft Office versions prior to Office 2010 SP2: update to a newer version to mitigate the risk.
Word Viewer: at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Skype for Business versions prior to 2016: update to a newer version to mitigate the risk.
Lync versions prior to 2013 SP1: update to a newer version to mitigate the risk.
Lync 2010: at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Live Meeting 2007 Console: at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: RCE

Weakness Enumeration

Related Identifiers

BDU:2016-01974
CVE-2016-3303

Affected Products

Live Meeting 2007 Console
Lync
Office
Skype For Business
Windows
Word Viewer