CVE-2015-2463

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1 Office 2007 SP3 and 2010 SP2 Live Meeting 2007 Console Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1 Silverlight versions prior to 5.1.40728 .NET Framework versions 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6

Description A remote code execution issue exists due to the improper handling of TrueType fonts in components of Windows, .NET Framework, Office, Lync, and Silverlight. This allows an attacker to gain complete control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, update to a version that properly handles TrueType fonts. For Office 2007 SP3 and 2010 SP2, update to a version that properly handles TrueType fonts. For Live Meeting 2007 Console, update to a version that properly handles TrueType fonts. For Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, update to a version that properly handles TrueType fonts. For Silverlight, update to version 5.1.40728 or later. For .NET Framework versions 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6, update to a version that properly handles TrueType fonts. As a temporary workaround, consider restricting the use of TrueType fonts in the affected components until a patch is available.