PT-2015-3443 · Microsoft · Lync Basic+7

Published: 2015-05-12 · Updated: 2025-10-22 · CVE-2015-1671

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 3.0 SP2 through 4.5.2
Microsoft Office versions 2007 SP3 through 2010 SP2
Microsoft Live Meeting version 2007 Console
Microsoft Lync versions 2010 through 2013 SP1
Microsoft Lync Basic version 2013 SP1
Microsoft Silverlight versions 5 through 5.1.40416.00
Microsoft Silverlight Developer Runtime versions 5 through 5.1.40416.00

Description

The vulnerability is related to errors in parsing TrueType fonts, which can allow remote attackers to execute arbitrary code via a crafted TrueType font. An attacker who successfully exploited this vulnerability could take complete control of the affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. This can be achieved by opening a specially crafted document or web page containing embedded TrueType fonts.

Recommendations

For Microsoft .NET Framework versions 3.0 SP2 through 4.5.2, update to a newer version to mitigate the risk.
For Microsoft Office versions 2007 SP3 through 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft Live Meeting version 2007 Console, update to a newer version to mitigate the risk.
For Microsoft Lync versions 2010 through 2013 SP1, update to a newer version to mitigate the risk.
For Microsoft Lync Basic version 2013 SP1, update to a newer version to mitigate the risk.
For Microsoft Silverlight versions 5 through 5.1.40416.00, update to version 5.1.40416.00 or later to mitigate the risk.
For Microsoft Silverlight Developer Runtime versions 5 through 5.1.40416.00, update to version 5.1.40416.00 or later to mitigate the risk.

As a temporary workaround, consider restricting the use of TrueType fonts in affected applications until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2022-07293
CVE-2015-1671

Affected Products

.Net Framework
Live Meeting
Lync
Lync Basic
Office
Silverlight
Silverlight Developer Runtime
Windows