CVE-2016-0145

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 Gold and 1511 Office 2007 SP3 and 2010 SP2 Word Viewer .NET Framework 3.0 SP2, 3.5, and 3.5.1 Skype for Business 2016 Lync 2010 Lync 2010 Attendee Lync 2013 SP1 Live Meeting 2007 Console

Description The vulnerability exists in the font library of Microsoft Windows and the .NET Framework, caused by a buffer overflow. This issue allows remote attackers to execute arbitrary code via a crafted embedded font. In the event of a successful exploitation, an attacker could install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Windows 7 SP1, update to a newer version to mitigate the risk. For Windows 8.1, update to a newer version to mitigate the risk. For Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk. For Windows RT 8.1, update to a newer version to mitigate the risk. For Windows 10 Gold and 1511, update to a newer version to mitigate the risk. For Office 2007 SP3 and 2010 SP2, update to a newer version to mitigate the risk. For Word Viewer, update to a newer version to mitigate the risk. For .NET Framework 3.0 SP2, 3.5, and 3.5.1, update to a newer version to mitigate the risk. For Skype for Business 2016, update to a newer version to mitigate the risk. For Lync 2010, update to a newer version to mitigate the risk. For Lync 2010 Attendee, update to a newer version to mitigate the risk. For Lync 2013 SP1, update to a newer version to mitigate the risk. For Live Meeting 2007 Console, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of embedded fonts in the font library until a patch is available.