Remote Code Execution Vulnerability in Microsoft Office and Lync Products
CVE-2015-2431

Currently unrated

Key Information:

Vendor: Microsoft
Status: Live Meeting; Lync Basic; Office; Lync
Vendor: CVE Published:; 15 August 2015

Summary

Microsoft products, including several versions of Office and Lync, are susceptible to a vulnerability that allows remote attackers to execute arbitrary code. This can be achieved through specifically crafted Office Graphics Library fonts, posing a significant risk to users and organizations relying on these applications. Proper patching and awareness are essential to mitigate risks associated with this security flaw.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1033238

vdb-entryx_refsource_SECTRACK

https://www.exploit-db.com/exploits/37911/

exploitx_refsource_EXPLOIT-DB

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 15, 2015
Vulnerability Reserved
Mar 19, 2015