CVE-2014-1817

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1 Microsoft Office 2007 SP3 Microsoft Office 2010 SP1 and SP2 Microsoft Live Meeting 2007 Console Microsoft Lync 2010 and 2013 Microsoft Lync 2010 Attendee Microsoft Lync Basic 2013

Description A remote code execution issue exists in the way affected components handle specially crafted font files. Exploitation of this issue allows remote code execution if a user opens a specially crafted file or webpage, enabling an attacker to gain complete control of the system. This control allows the attacker to install programs, view, change, or delete data, and create new accounts with full administrative rights.

Recommendations For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 8, update to a newer version to mitigate the risk. For Microsoft Windows 8.1, update to a newer version to mitigate the risk. For Microsoft Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk. For Microsoft Windows RT Gold and 8.1, update to a newer version to mitigate the risk. For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP1 and SP2, update to a newer version to mitigate the risk. For Microsoft Live Meeting 2007 Console, update to a newer version to mitigate the risk. For Microsoft Lync 2010 and 2013, update to a newer version to mitigate the risk. For Microsoft Lync 2010 Attendee, update to a newer version to mitigate the risk. For Microsoft Lync Basic 2013, update to a newer version to mitigate the risk.