CVE-2015-6108

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
44.4%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 9, 2015 (3810 days ago)
Last Modified: May 6, 2026
Vendor: Microsoft
Source: NVD

Description

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."

CWE

CWE-119

Affected Products

microsoft live meetingmicrosoft lyncmicrosoft officemicrosoft silverlightmicrosoft skype for businessmicrosoft word viewermicrosoft windows 7microsoft windows 8microsoft windows 8.1microsoft windows rt

References

🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com