CVE-2015-6108

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1 Microsoft Office 2007 SP3 Microsoft Office 2010 SP2 Microsoft Word Viewer Microsoft .NET Framework versions 3.0 SP2 through 4.6 Microsoft Skype for Business 2016 Microsoft Lync 2010 Microsoft Lync 2013 SP1 Microsoft Live Meeting 2007 Console Microsoft Silverlight 5

Description The issue is caused by a buffer overflow in the Windows font library, allowing remote attackers to execute arbitrary code via a crafted embedded font. This can enable an attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Vista SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows 7 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows 8, update to a newer version that contains a fix for this issue. For Microsoft Windows 8.1, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2012 Gold and R2, update to a newer version that contains a fix for this issue. For Microsoft Windows RT Gold and 8.1, update to a newer version that contains a fix for this issue. For Microsoft Office 2007 SP3, update to a newer version that contains a fix for this issue. For Microsoft Office 2010 SP2, update to a newer version that contains a fix for this issue. For Microsoft Word Viewer, update to a newer version that contains a fix for this issue. For Microsoft .NET Framework versions 3.0 SP2 through 4.6, update to a newer version that contains a fix for this issue. For Microsoft Skype for Business 2016, update to a newer version that contains a fix for this issue. For Microsoft Lync 2010, update to a newer version that contains a fix for this issue. For Microsoft Lync 2013 SP1, update to a newer version that contains a fix for this issue. For Microsoft Live Meeting 2007 Console, update to a newer version that contains a fix for this issue. For Microsoft Silverlight 5, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the use of embedded fonts in the Windows font library until a patch is available.