CVE-2015-6108

Severity CVSS v4.0:

Pending analysis

Type:

CWE-119 Buffer Errors

Publication date:

09/12/2015

Last modified:

12/04/2025

Description

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 9.30 HIGH
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

9.30

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:microsoft:live_meeting:2007:::::::*
cpe:2.3:a:microsoft:lync:2010:::::::*
cpe:2.3:a:microsoft:lync:2013:sp1::::::
cpe:2.3:a:microsoft:office:2007:sp3::::::
cpe:2.3:a:microsoft:office:2010:sp2::::::
cpe:2.3:a:microsoft:silverlight:5.0:::::::*
cpe:2.3:a:microsoft:skype_for_business:2016:::::::*
cpe:2.3:a:microsoft:word_viewer:-:::::::*
cpe:2.3:o:microsoft:windows_7:-:sp1::::::
cpe:2.3:o:microsoft:windows_8:-:::::::*
cpe:2.3:o:microsoft:windows_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_rt:-:::::::*
cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:microsoft:live_meeting:2007:::::::*
cpe:2.3:a:microsoft:lync:2010:::::::*
cpe:2.3:a:microsoft:lync:2013:sp1::::::
cpe:2.3:a:microsoft:office:2007:sp3::::::
cpe:2.3:a:microsoft:office:2010:sp2::::::
cpe:2.3:a:microsoft:silverlight:5.0:::::::*
cpe:2.3:a:microsoft:skype_for_business:2016:::::::*
cpe:2.3:a:microsoft:word_viewer:-:::::::*
cpe:2.3:o:microsoft:windows_7:-:sp1::::::
cpe:2.3:o:microsoft:windows_8:-:::::::*
cpe:2.3:o:microsoft:windows_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_rt:-:::::::*
cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:*

CVE-2015-6108

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools