Remote Code Execution Vulnerability in Microsoft Windows and Office Products
CVE-2015-6107

Currently unrated

Key Information:

Vendor: Microsoft
Status: Word Viewer; Live Meeting; Lync; Office
Vendor: CVE Published:; 9 December 2015

Summary

A vulnerability in the Windows font library allows remote attackers to execute arbitrary code by leveraging a crafted embedded font. This issue affects various versions of Microsoft Windows, including Vista, Windows 7, Windows 8.1, and multiple Office products. An exploited vulnerability can lead to unauthorized access and control over affected systems, posing significant security risks to users.

References

http://www.securitytracker.com/id/1034333

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id/1034331

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 9, 2015
Vulnerability Reserved
Aug 14, 2015