CVE-2015-2510

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Office 2007 SP3 Microsoft Office 2010 SP2 Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft Lync 2013 SP1 Microsoft Lync Basic 2013 SP1 Microsoft Live Meeting 2007 Console

Description A buffer overflow in the Adobe Type Manager Library allows remote attackers to execute arbitrary code via a crafted OpenType font. This issue is caused by the improper handling of specially crafted OpenType fonts by components of Windows, Office, and Lync. An attacker who successfully exploits this issue could take control of the affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Vista SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 SP2, update to a newer version that contains a fix for this issue. For Microsoft Office 2007 SP3, update to a newer version that contains a fix for this issue. For Microsoft Office 2010 SP2, update to a newer version that contains a fix for this issue. For Microsoft Lync 2010, update to a newer version that contains a fix for this issue. For Microsoft Lync 2010 Attendee, update to a newer version that contains a fix for this issue. For Microsoft Lync 2013 SP1, update to a newer version that contains a fix for this issue. For Microsoft Lync Basic 2013 SP1, update to a newer version that contains a fix for this issue. For Microsoft Live Meeting 2007 Console, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the use of specially crafted OpenType fonts until a patch is available.